hermanph

  1. Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Monica at 2014-10-28 23:47:31
Running from C:\Users\Monica\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3ivx MPEG-4 5.0.1 Decoder (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.1 Decoder) (Version: 5.0.1 - 3ivx Technologies, Pty. Ltd.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2380.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2380.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
cmd (HKLM\...\{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb) (Version: - )
CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
muvee Plugin 1.0 (HKLM-x32\...\{82CA0A0C-A3EC-4167-B694-909205B2EDEC}) (Version: 1.01.100 - muvee Technologies)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.278 - Hewlett-Packard) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
Sheet Music Plus Digital Print (HKLM-x32\...\com.sheetmusicplus.DigitalAirPrint) (Version: v2011.11.14 - Sheet Music Plus, LLC)
Sheet Music Plus Digital Print (x32 Version: 255.11.14 - Sheet Music Plus, LLC) Hidden
Smilebox (HKCU\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

06-10-2014 23:46:52 Windows Update
11-10-2014 12:15:17 Windows Update
15-10-2014 23:31:00 Windows Update
17-10-2014 10:47:32 Windows Update
20-10-2014 18:23:27 Windows Update
23-10-2014 22:28:24 Windows Update
27-10-2014 10:18:46 Windows Update
29-10-2014 03:42:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {071C9D9D-2D93-42BF-840C-368B89B7972C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000UA => C:\Users\Monica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {64CDC294-94F8-4DBB-9061-CA06E40D953E} - System32\Tasks\{1607071F-627C-4BDC-4547-5EFBBBBFFAFA} => C:\Users\Monica\AppData\Roaming\ebsssue.dll [2014-10-28] () <==== ATTENTION
Task: {C3421AC4-DDFC-49AA-AF71-416AB2E5D8B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000Core => C:\Users\Monica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000Core.job => C:\Users\Monica\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000UA.job => C:\Users\Monica\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-06-29 22:00 - 2010-06-29 22:00 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2014-10-28 20:40 - 2014-10-28 20:40 - 00070144 _____ () C:\Users\Monica\AppData\Roaming\ebsssue.dll
2014-10-27 18:08 - 2014-10-22 00:04 - 01042760 _____ () C:\Users\Monica\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 18:08 - 2014-10-22 00:04 - 00211272 _____ () C:\Users\Monica\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 18:08 - 2014-10-22 00:04 - 08910664 _____ () C:\Users\Monica\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 18:08 - 2014-10-22 00:04 - 01681224 _____ () C:\Users\Monica\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-27 18:08 - 2014-10-22 00:04 - 00310088 _____ () C:\Users\Monica\AppData\Local\Google\Chrome\Application\38.0.2125.111\libexif.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-100646469-3116330291-2473977308-500 - Administrator - Disabled)
Guest (S-1-5-21-100646469-3116330291-2473977308-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-100646469-3116330291-2473977308-1002 - Limited - Enabled)
Monica (S-1-5-21-100646469-3116330291-2473977308-1000 - Administrator - Enabled) => C:\Users\Monica

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 10:46:30 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (10/28/2014 08:55:31 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.]

Error: (10/28/2014 08:47:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.]

Error: (10/28/2014 08:47:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.]

Error: (10/28/2014 03:54:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: f48
Start Time: 01cff2dff1b5d12c
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (10/27/2014 06:28:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: df0
Start Time: 01cff1d04cb9c6ee
Termination Time: 31
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: eb7ec9b3-5dc3-11e4-bae2-643150574d4a

Error: (10/25/2014 09:09:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (10/21/2014 09:12:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 940
Start Time: 01cfed922acd47ec
Termination Time: 108
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (10/21/2014 04:00:27 PM) (Source: ESENT) (EventID: 215) (User: )
Description: wlcomm (3880) C:\Users\Monica\AppData\Local\Microsoft\Windows Live Contacts\{d6f6e27a-01ec-402a-89d8-22147a971d69}\: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (10/21/2014 11:46:02 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

System errors:
=============
Error: (10/28/2014 11:23:37 PM) (Source: Microsoft Antimalware) (EventID: 2031) (User: )
Description: %%860 has encountered an error trying to download and configure Windows Defender Offline.
Error code: 0x80070002
Error description: The system cannot find the file specified.

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Microsoft Office Sessions:
=========================
Error: (10/28/2014 10:46:30 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (10/28/2014 08:55:31 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (10/28/2014 08:47:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (10/28/2014 08:47:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (10/28/2014 03:54:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17344f4801cff2dff1b5d12c0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/27/2014 06:28:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17344df001cff1d04cb9c6ee31C:\Program Files\Internet Explorer\iexplore.exeeb7ec9b3-5dc3-11e4-bae2-643150574d4a

Error: (10/25/2014 09:09:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (10/21/2014 09:12:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1734494001cfed922acd47ec108C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/21/2014 04:00:27 PM) (Source: ESENT) (EventID: 215) (User: )
Description: wlcomm3880C:\Users\Monica\AppData\Local\Microsoft\Windows Live Contacts\{d6f6e27a-01ec-402a-89d8-22147a971d69}\:

Error: (10/21/2014 11:46:02 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

==================== Memory info ===========================

Processor: AMD V140 Processor
Percentage of memory in use: 65%
Total physical RAM: 1786.9 MB
Available physical RAM: 608.6 MB
Total Pagefile: 3573.8 MB
Available Pagefile: 1536.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:215.36 GB) (Free:126.15 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.22 GB) (Free:2.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 4BE9BCC0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=215.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
  2. FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Monica (administrator) on MONICA-LAPTOP on 28-10-2014 23:44:27
Running from C:\Users\Monica\Downloads
Loaded Profile: Monica (Available profiles: Monica)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Users\Monica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Monica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Monica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Monica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Monica\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-100646469-3116330291-2473977308-1000\...\Run: [Google Update] => C:\Users\Monica\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)
HKU\S-1-5-21-100646469-3116330291-2473977308-1000\...\Run: [intelPowerAgent64] => rundll32.exe shell32.dll, ShellExec_RunDLL C:\PROGRA~3\2D04D4~1.EXE
HKU\S-1-5-21-100646469-3116330291-2473977308-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BootExecute: autocheck autochk * ᔃ߾샀ε

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x04873C89FDE3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {666FD71D-D834-4AD2-B982-D4215699B003} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM - {8D9DFDDA-92A8-4721-A4CD-C165FCB17188} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM - {ED57C464-6070-4036-8614-E153E5CD8346} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {666FD71D-D834-4AD2-B982-D4215699B003} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 - {8D9DFDDA-92A8-4721-A4CD-C165FCB17188} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 - {ED57C464-6070-4036-8614-E153E5CD8346} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {666FD71D-D834-4AD2-B982-D4215699B003} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {8D9DFDDA-92A8-4721-A4CD-C165FCB17188} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - {B2E44F18-B13E-4FEE-8468-060C850D3B0F} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A883678A-7CCF-4C2E-BCDC-433CD7308DB1&apn_sauid=2D37B9D2-24B1-4A16-9859-C98C1BDFCDE5
SearchScopes: HKCU - {ED57C464-6070-4036-8614-E153E5CD8346} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows
Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Monica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtensionFF Extension: Search Helper Extension - C:\Program Files 
(x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-07-05]FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtensionFF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-07-05] Chrome: =======CHR HomePage: Default -> CHR Profile: C:\Users\Monica\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]CHR Extension: (Google Cast) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-02]CHR Extension: (Google Search) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-23]CHR Extension: (Google Wallet) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]CHR Extension: (Gmail) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-23] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-22] (WildTangent)S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [197632 2014-04-22] (WildTangent, Inc.) 
[File not signed]R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-22] (Hewlett-Packard Company) [File not signed]R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-04-19] (Realtek Semiconductor Corp.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-28 23:44 - 2014-10-28 23:46 - 00014777 _____ () C:\Users\Monica\Downloads\FRST.txt2014-10-28 23:43 - 2014-10-28 23:44 - 00000000 ____D () C:\FRST2014-10-28 23:42 - 2014-10-28 23:43 - 02113024 _____ (Farbar) C:\Users\Monica\Downloads\FRST64.exe2014-10-28 23:33 - 2014-10-28 23:35 - 00000000 ____D () C:\8f60046e34fc4ae0e20bd7c0d986f1322014-10-28 23:32 - 2014-10-28 23:33 - 00913408 _____ (Microsoft Corporation) C:\Users\Monica\Downloads\mssstool64.exe2014-10-28 22:32 - 2014-10-28 22:32 - 00010562 _____ () C:\Users\Monica\Desktop\log1.xml2014-10-28 21:09 - 2014-10-28 21:09 - 00000276 _____ () C:\ProgramData\INSTALL_TOR.URL2014-10-28 20:58 - 2014-10-28 20:59 - 00000085 _____ () C:\Users\Monica\AppData\Roaming\a686dd012014-10-28 20:58 - 2014-10-28 20:58 - 00000010 _____ () C:\Users\Monica\AppData\Roaming\a686dd022014-10-28 20:47 - 2014-10-28 22:07 - 00000000 _____ () C:\ProgramData\@system.att2014-10-28 20:47 - 2014-10-28 20:55 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp2014-10-28 20:47 - 2014-10-28 20:47 - 00000051 _____ () C:\Windows\SysWOW64\1570090490.bat2014-10-28 20:43 - 2014-10-28 20:55 - 00001104 ____H () C:\ProgramData\@system2.att2014-10-28 20:43 - 2014-10-28 20:43 - 00000448 ____H () C:\Users\Monica\AppData\Roaming\麽鎒駓覜2014-10-28 20:43 - 2014-10-28 20:43 - 00000000 _____ () C:\Users\Monica\AppData\Roaming\nfrpe.dll2014-10-28 20:41 - 2014-10-28 20:41 - 00000000 ___HD () C:\083ff962014-10-28 20:40 - 2014-10-28 20:40 - 00070144 _____ () C:\Users\Monica\AppData\Roaming\ebsssue.dll2014-10-28 20:40 - 2014-10-28 20:40 - 00004058 _____ () C:\Windows\System32\Tasks\{1607071F-627C-4BDC-4547-5EFBBBBFFAFA}2014-10-28 20:36 - 2014-10-28 20:39 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage2014-10-28 19:33 - 2014-10-28 19:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe2014-10-28 19:33 - 2014-10-28 19:33 - 00000000 ____D () C:\Users\Administrator2014-10-16 12:18 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll2014-10-16 12:18 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-16 12:18 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-16 12:18 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-16 12:18 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-16 12:18 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-16 12:18 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-16 12:18 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-16 12:18 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-16 12:18 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-16 12:17 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-16 12:17 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-16 12:17 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-16 12:17 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-16 12:17 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-16 12:17 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-16 12:17 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-16 12:17 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-16 12:17 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-16 12:17 - 
2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-16 12:17 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-16 12:17 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-16 12:17 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-16 12:17 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-16 12:17 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-16 12:17 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-16 12:17 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-16 12:17 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-16 12:17 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-16 12:17 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-16 12:17 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-16 12:17 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-16 12:17 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-16 12:17 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-16 12:17 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-16 12:17 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-16 12:17 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-16 12:17 - 
2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-16 12:17 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-16 12:17 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-16 12:17 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-16 12:17 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-16 12:17 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-16 12:17 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-16 12:17 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-16 12:17 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-16 12:17 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-16 12:17 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-16 12:17 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-16 12:17 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-16 12:17 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-16 12:17 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-16 12:17 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-16 12:17 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-16 12:17 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-16 12:17 - 2014-09-18 20:40 - 
01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-16 12:17 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-16 12:17 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-16 12:17 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-16 12:17 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-16 12:17 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-16 12:17 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-16 12:17 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-16 12:17 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-16 12:17 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-16 12:17 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-16 12:16 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-16 12:16 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-16 12:16 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-16 12:16 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-16 12:15 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-16 12:15 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-16 12:15 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-16 12:15 - 2014-09-04 21:52 - 05703168 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-16 12:15 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-16 12:15 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-16 12:15 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-16 12:15 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-16 12:15 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-16 12:15 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-16 12:15 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-16 12:15 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-16 12:15 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-16 12:15 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-16 12:15 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-03 22:53 - 2014-10-03 22:53 - 00003140 _____ () C:\Windows\System32\Tasks\{AE19CD86-4386-42E5-B9B5-0024187DEB1E}2014-10-01 08:33 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-10-01 08:33 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-28 23:42 - 2011-04-13 09:05 - 01329498 _____ () C:\Windows\WindowsUpdate.log2014-10-28 23:38 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-28 23:38 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-28 23:36 - 2013-11-03 16:52 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000UA.job2014-10-28 23:21 - 2014-08-06 08:54 - 00002240 _____ () C:\Windows\setupact.log2014-10-28 23:21 - 2013-10-06 16:55 - 00113994 _____ () C:\Windows\PFRO.log2014-10-28 23:21 - 2009-07-14 01:08 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-10-28 23:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-28 22:42 - 2014-07-04 01:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-28 21:22 - 2014-07-04 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-28 21:22 - 2014-07-04 01:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-28 21:11 - 2013-05-16 16:04 - 00000000 ____D () C:\ProgramData\Wild Tangent2014-10-28 21:11 - 2013-02-17 17:41 - 00000000 ____D () C:\Users\Monica\AppData\Local\AMD2014-10-28 21:03 - 2011-04-13 09:17 - 00000000 ____D () C:\ProgramData\Sonic2014-10-28 21:03 - 2010-07-10 22:15 - 00000000 ____D () C:\ProgramData\Symantec2014-10-28 21:02 - 2010-07-10 22:36 - 00000000 ____D () C:\ProgramData\Hewlett-Packard2014-10-28 21:01 - 2009-07-13 19:19 - 00434096 ___SH () C:\ProgramData\2d04d40f2h.exe2014-10-28 14:48 - 2011-05-08 19:38 - 00000000 ____D () C:\Users\Monica2014-10-28 12:01 - 2013-11-03 16:52 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000Core.job2014-10-27 18:08 - 2012-09-17 21:10 - 00002374 _____ () 
C:\Users\Monica\Desktop\Google Chrome.lnk2014-10-23 11:30 - 2013-11-03 16:52 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000UA2014-10-23 11:30 - 2013-11-03 16:52 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000Core2014-10-17 09:05 - 2009-07-14 00:45 - 00278976 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-17 09:00 - 2014-05-07 07:21 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-17 08:26 - 2013-08-18 03:02 - 00000000 ____D () C:\Windows\system32\MRT2014-10-17 06:51 - 2011-05-13 23:50 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-16 20:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-10-14 22:22 - 2011-07-06 08:12 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\SoftGrid Client2014-10-04 22:23 - 2009-07-14 01:13 - 00795788 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-03 23:01 - 2013-01-23 23:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-10-03 23:01 - 2013-01-23 23:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-10-02 21:16 - 2011-07-02 12:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2014-10-01 11:11 - 2014-07-04 01:04 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-01 11:11 - 2014-07-04 01:04 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-01 11:11 - 2011-07-02 13:28 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Files to move or delete:====================C:\ProgramData\2d04d40f2h.exeC:\ProgramData\dj46j826bj.exe Some content of TEMP:====================C:\Users\Monica\AppData\Local\Temp\avgnt.exeC:\Users\Monica\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= 
(There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 20:03 ==================== End Of Log ============================
  3. malwarebytes log Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 10/28/2014Scan Time: 9:26:54 PMLogfile: log1.txtAdministrator: Yes Version: 2.00.3.1025Malware Database: v2014.10.29.02Rootkit Database: v2014.10.22.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Monica Scan Type: Threat ScanResult: CompletedObjects Scanned: 333172Time Elapsed: 1 hr, 2 min, 52 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: WarnPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 4Backdoor.Bot.ED, HKU\S-1-5-21-100646469-3116330291-2473977308-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ChromeUpdate, C:\Users\Monica\AppData\Roaming\ChromeUpdate.exe, , [7105d248dd9fec4a085917c25aa73dc3]Trojan.FakeGoog, HKU\S-1-5-21-100646469-3116330291-2473977308-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleUpdate, C:\Users\Monica\AppData\Roaming\GoogleUpdate.exe, , [f680ad6ddca063d3178e9f82d332e51b]PUM.UserWLoad, HKU\S-1-5-21-100646469-3116330291-2473977308-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load, C:\Users\Monica\LOCALS~1\Temp\msivqaza.com, , [7ff76ab049335bdb3b08036211f29d63]Trojan.Ransom, HKU\S-1-5-21-100646469-3116330291-2473977308-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load, C:\Users\Monica\LOCALS~1\Temp\msivqaza.com, , [91e54eccd2aa13239e403830cc37c937] Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 14Backdoor.Bot.ED, C:\Users\Monica\AppData\Roaming\ChromeUpdate.exe, , [7105d248dd9fec4a085917c25aa73dc3], Trojan.FakeGoog, 
C:\Users\Monica\AppData\Roaming\GoogleUpdate.exe, , [f680ad6ddca063d3178e9f82d332e51b], Backdoor.Bot.ED, C:\Users\Monica\AppData\Local\Temp\msivqaza.com, , [32444dcdd0ac191d62ff6a6f9f6204fc], Trojan.Agent.FF, C:\ProgramData\Windows Genuine Advantage\{36057C14-A0BE-4F0B-B1C8-FD34C2CFF7E3}\msiexec.exe, , [4432e436ec90a294af1925ec9c650000], Trojan.Agent.FF, C:\ProgramData\Windows Genuine Advantage\{9C8AAC5C-600E-4096-8186-AA70CA2A7CC7}\msiexec.exe, , [3b3b6ab05d1f6fc731974ec3c839bd43], Backdoor.Bot.ED, C:\ProgramData\Windows Genuine Advantage\{D3CB926E-B13E-4970-821B-D53C905E63D3}\msiexec.exe, , [f383e535a4d8999da0c1e7f207fa946c], Backdoor.Bot.ED, C:\ProgramData\Windows Genuine Advantage\{D4697492-EB9F-4115-BEA8-4DEEB1D4FC83}\msiexec.exe, , [6f077c9e90ec38fe0e537663ee138977], Backdoor.Bot.ED, C:\Users\Monica\AppData\Roaming\083ff96.exe, , [ee88b268413b5adc3d2461788e73b54b], Backdoor.Bot.ED, C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\083ff96.exe.vir, , [a3d343d70577f046b1b098416f92649c], Backdoor.Bot.ED, C:\Users\Monica\AppData\Local\Temp\D77C.tmp, , [71050119f18bcb6bb5ac7366cc355ca4], Trojan.FakeGoog, C:\Users\Monica\AppData\Local\Temp\BC9A.tmp, , [cea85cbe7903aa8c95109988da2b37c9], Trojan.FakeGoog, C:\Users\Monica\AppData\Local\Temp\671B.tmp, , [0f6756c4621a2610cadbff22f60f16ea], Backdoor.Bot.ED, C:\Users\Monica\AppData\Local\Temp\2109.tmp, , [8fe767b3cbb1da5cf86940993ac738c8], Trojan.FakeMS, C:\Users\Monica\AppData\Local\Temp\UpdateFlashPlayer_cb0263da.exe, , [086e051587f572c4ca7a342499678080], Physical Sectors: 0(No malicious items detected) (end)
  4. Hello - I have a sick PC. This evening my wife said, "Something is wrong with my laptop." With the little bit of knowledge on this that I have, I checked the PC resources and found everything was pegged. Several "COM Surrogate" processes were running. A few minutes after I looked at it, it rebooted by itself and then Microsoft Security Essentials began alerting that it had detected malware. I ran a scan with Malwarebytes and selected the option to take the recommended action. I have the log and can attach or paste it. I also downloaded and ran Farbar and have the FRST and Addition logs. Any help would be GREATLY appreciated. Thank you!!!