Jump to content

lauras2013

Honorary Members
  • Posts

    33
  • Joined

  • Last visited

Everything posted by lauras2013

  1. I think we can close this topic & Thanks for your help. I wasn't able to get anything done, not even a reset. Apparently it's not seeing my hard drive at all. Luckily it's under warranty and Asus will put in a new one. I was using windows defender, is there any particular software you recommend for preventing this? I didn't see anything on the forums, but I'm probably missing it... Again, thanks. :0)
  2. I'm on windows 8. I'm downloading an installation disk & will post again if I am able to get into the computer via safe mode, it looks like it will take a while...
  3. I forgot to say that I hadn't done that last step yet- had to get to work.
  4. Ok, so this morning I woke up and malwarebytes found 308 infections. I woke my son up and asked what programs he has been using (although before I looked for any 'torrent' programs and found none.) I went to go to his log in and the computer stalled. It just wouldn't go anywhere. I shut it down (juts by pressing power button) and tried to start again- and again it is on but not doing anything. I tried F8 but nothing is happening. I am going to go insane. So first, if there is anyway I can get into my computer that would be great. Then second, how would I know if he is using any peer to peer software?
  5. Here is the doc... it shows windows defender was up but it didn't stop me or anything. let me know if you want me to try again with it turned off Results of screen317's Security Check version 0.99.96 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 31 Java version 32-bit out of Date! Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Adobe Reader 10.1.13 Adobe Reader out of Date! Mozilla Firefox (35.0.1) Google Chrome (40.0.2214.111) Google Chrome (40.0.2214.115) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  6. Ok,last 2! Thanks again for your help! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.2 (02.02.2015:1)OS: Windows 8.1 x64Ran by Laura on Fri 02/20/2015 at 13:37:02.65~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin" ~~~ FireFox Emptied folder: C:\Users\Laura\AppData\Roaming\mozilla\firefox\profiles\jbpqc4lc.default\minidumps [2 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Fri 02/20/2015 at 13:39:51.74End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --- ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Feb 10 23:00:57 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 10 23:09:46 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 11 11:03:50 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 11:04:08 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 11 11:23:20 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 11:23:33 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 11 12:14:25 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 12:14:38 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 11 12:49:14 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 12:49:18 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 11 13:14:37 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 11 19:08:27 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 19:10:44 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 11 20:32:54 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 20:33:01 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Thu Feb 12 18:08:39 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 12 18:08:52 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Thu Feb 12 21:23:08 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 12 21:23:14 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Thu Feb 12 22:53:14 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 12 22:53:25 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Fri Feb 13 09:17:08 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 13 09:17:14 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Fri Feb 13 10:36:36 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 13 10:36:55 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Fri Feb 13 11:35:55 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 13 11:36:00 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Fri Feb 13 12:35:39 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 13 12:35:45 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Fri Feb 13 15:12:33 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 08:53:13 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 08:53:20 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 09:28:35 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 09:28:38 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 09:41:34 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 09:41:44 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 09:53:43 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 09:53:49 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 10:18:01 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 10:18:13 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 11:10:10 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 19:20:30 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 19:24:39 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 20:31:28 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 20:31:39 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 20:35:59 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 20:36:03 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 20:47:00 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 20:47:08 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sat Feb 14 21:04:10 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 21:04:15 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sun Feb 15 13:02:35 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sun Feb 15 13:35:39 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 15 13:37:26 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sun Feb 15 14:23:58 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 15 14:24:05 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sun Feb 15 14:33:16 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 15 14:33:18 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sun Feb 15 17:50:09 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 15 17:50:18 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Sun Feb 15 21:58:00 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 11:07:04 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 11:07:43 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 16:01:24 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 16:01:29 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 17:29:26 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 17:29:30 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 20:43:51 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 20:43:54 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 20:46:51 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 20:46:54 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 21:03:32 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 21:03:36 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 21:19:53 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 21:19:57 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 21:25:41 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 21:25:43 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 21:33:38 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 21:33:42 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 21:42:42 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 21:42:47 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 22:01:38 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 16 22:01:43 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Mon Feb 16 22:35:25 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Feb 17 09:28:31 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 17 09:28:44 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Feb 17 10:05:34 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 17 10:05:37 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Feb 17 13:11:26 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 17 13:11:30 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Feb 17 13:51:22 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 17 13:51:24 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Feb 17 14:50:45 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 17 14:50:52 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Feb 17 17:33:18 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 17 17:33:24 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Feb 17 17:43:23 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 17 17:43:28 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Feb 17 19:33:57 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 17 19:34:13 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 09:40:10 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 09:40:31 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 10:48:12 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 11:18:04 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 11:19:11 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 11:50:45 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 11:50:51 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 12:09:54 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 12:09:57 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 13:00:44 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 13:00:52 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 13:15:34 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 13:15:35 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 13:29:56 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 13:29:58 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 17:18:30 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 17:18:41 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 21:17:32 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 22:49:46 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 22:50:01 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 23:06:17 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 23:06:21 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Wed Feb 18 23:24:29 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 18 23:24:33 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Thu Feb 19 16:47:09 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 19 16:58:03 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Thu Feb 19 18:14:14 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 19 18:14:20 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Thu Feb 19 20:35:34 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Thu Feb 19 20:36:03 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Thu Feb 19 23:33:45 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 19 23:34:06 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Fri Feb 20 11:05:06 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 20 11:06:54 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Fri Feb 20 12:48:24 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 20 12:48:49 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Fri Feb 20 13:04:40 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Fri Feb 20 13:43:28 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0
  7. First three steps done.. still working. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01Ran by Laura at 2015-02-20 12:14:26 Run:1Running from C:\Users\Laura\DesktopLoaded Profiles: Laura (Available profiles: Laura & Cole & Guest)Boot Mode: Normal============================================== Content of fixlist:*****************startHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONS2 csrcc; "C:\Program Files\shopperz\csrcc.exe" [X]C:\Program Files\shopperzU4 BthAvrcpTg; No ImagePathU4 BthHFEnum; No ImagePathU4 bthhfhid; No ImagePathU0 ikavq; C:\Windows\System32\drivers\dwuywgg.sys [79064 2015-02-19] (Malwarebytes Corporation)C:\Windows\System32\drivers\dwuywgg.sysU0 lndmkbit; C:\Windows\System32\drivers\daheeyp.sys [79064 2015-02-18] (Malwarebytes Corporation)C:\Windows\System32\drivers\daheeyp.sysU0 uinmwft; C:\Windows\System32\drivers\itftntls.sys [79064 2015-02-18] (Malwarebytes Corporation)C:\Windows\System32\drivers\itftntls.sysC:\ProgramData\SetStretch.exeC:\ProgramData\SetStretch.VBSC:\Users\Laura\AppData\Local\Temp\0EC7CA1C-442F-ACD8-5237-136F59B159D8.exeC:\Users\Laura\AppData\Local\Temp\B663B43C-99A6-5DCF-9521-65BEDC2412F1.dllC:\Users\Laura\AppData\Local\Temp\B663B43C-99A6-5DCF-9521-65BEDC2412F1.exeC:\Users\Laura\AppData\Local\Temp\Itibiti_Knctr_C.exeC:\Users\Laura\AppData\Local\Temp\OnlineBackup.exeC:\Users\Laura\AppData\Local\Temp\Quarantine.exeC:\Users\Laura\AppData\Local\Temp\sqlite3.dllC:\Users\Laura\AppData\Local\Temp\vcredist_x64.exeAlternateDataStreams: C:\Users\Cole\OneDrive:ms-propertiesEmptyTemp:end ***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.csrcc => Error deleting Service"C:\Program Files\shopperz" => File/Directory not found.BthAvrcpTg => Service deleted successfully.BthHFEnum => Service deleted successfully.bthhfhid => Service deleted successfully.ikavq => Service deleted successfully.C:\Windows\System32\drivers\dwuywgg.sys => Moved successfully.lndmkbit => Service deleted successfully.C:\Windows\System32\drivers\daheeyp.sys => Moved successfully.uinmwft => Service deleted successfully.C:\Windows\System32\drivers\itftntls.sys => Moved successfully.C:\ProgramData\SetStretch.exe => Moved successfully.C:\ProgramData\SetStretch.VBS => Moved successfully.C:\Users\Laura\AppData\Local\Temp\0EC7CA1C-442F-ACD8-5237-136F59B159D8.exe => Moved successfully.C:\Users\Laura\AppData\Local\Temp\B663B43C-99A6-5DCF-9521-65BEDC2412F1.dll => Moved successfully.C:\Users\Laura\AppData\Local\Temp\B663B43C-99A6-5DCF-9521-65BEDC2412F1.exe => Moved successfully.C:\Users\Laura\AppData\Local\Temp\Itibiti_Knctr_C.exe => Moved successfully.C:\Users\Laura\AppData\Local\Temp\OnlineBackup.exe => Moved successfully.C:\Users\Laura\AppData\Local\Temp\Quarantine.exe => Moved successfully.C:\Users\Laura\AppData\Local\Temp\sqlite3.dll => Moved successfully.C:\Users\Laura\AppData\Local\Temp\vcredist_x64.exe => Moved successfully."C:\Users\Cole\OneDrive" => ":ms-properties" ADS not found.EmptyTemp: => Removed 973.8 MB temporary data. The system needed a reboot. ==== End of Fixlog 12:15:09 ====--- Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 2/20/2015Scan Time: 12:23:03 PMLogfile: Administrator: Yes Version: 2.00.4.1028Malware Database: v2015.02.20.07Rootkit Database: v2015.02.20.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: Laura Scan Type: Threat ScanResult: CompletedObjects Scanned: 436656Time Elapsed: 19 min, 19 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 2PUP.Optional.Shopperz.A, HKLM\SOFTWARE\shopperz, Delete-on-Reboot, [dcdbde427a1065d1bf8d5e3cff0423dd], PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\shopperz, Delete-on-Reboot, [05b24ed26228f4422f1d44568b787789], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 1PUP.Optional.Shopperz.A, C:\WINDOWS\SYSTEM32\drivers\bsdriver.sys, Delete-on-Reboot, [46d8e376f470bb7659741dd1c1bebdd3], Physical Sectors: 0(No malicious items detected) (end) --- # AdwCleaner v4.111 - Logfile created 20/02/2015 at 13:16:02# Updated 18/02/2015 by Xplode# Database : 2015-02-18.3 [server]# Operating system : Windows 8.1 (x64)# Username : Laura - LAPTOP# Running from : C:\Users\Laura\Desktop\its the clean desktop folder\AdwCleaner.exe# Option : Cleaning ***** [ Services ] ***** [#] Service Deleted : csrcc ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu \Programs\turbodiagnosisFolder Deleted : C:\Program Files (x86)\download ManagerFile Deleted : C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Local Storage \hxxps_static.olark.com_0.localstorage ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v35.0.1 (x86 en-US) -\\ Google Chrome v40.0.2214.115 [C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default \Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}[C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default \Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} ************************* AdwCleaner[R0].txt - [5629 bytes] - [08/02/2015 23:23:49]AdwCleaner[R1].txt - [1870 bytes] - [09/02/2015 09:29:15]AdwCleaner[R2].txt - [1984 bytes] - [09/02/2015 11:15:38]AdwCleaner[R3].txt - [1724 bytes] - [20/02/2015 13:12:41]AdwCleaner[s0].txt - [5443 bytes] - [08/02/2015 23:32:34]AdwCleaner[s1].txt - [1964 bytes] - [09/02/2015 09:31:31]AdwCleaner[s2].txt - [2072 bytes] - [09/02/2015 11:19:05]AdwCleaner[s3].txt - [1667 bytes] - [20/02/2015 13:16:02] ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1726 bytes] ##########
  8. Just a little info, my son downloaded malware (shopperz and others) and I tried to go to a restore point on the computer. Didn't work. Did Revo ununstaller. Caught some but not everything. I did the Malware bytes and it seemed to find everything. But then every few days more pops up in the malwarebytes scans so I'm assuming there is something left somewhere that is causing more to be downloaded to my computer. Ugh! Thanks so much. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01Ran by Laura (administrator) on LAPTOP on 20-02-2015 10:51:13Running from C:\Users\Laura\DownloadsLoaded Profiles: Laura (Available profiles: Laura & Cole & Guest)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE(AMD) C:\Windows\System32\atieclxx.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Adobe Systems) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\lightroom.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [374024 2012-10-23] (IVT Corporation)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)HKU\S-1-5-21-1432604938-1182428816-157698692-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-09-23] (Microsoft Corporation)HKU\S-1-5-21-1432604938-1182428816-157698692-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnkShortcutTarget: Curse.lnk -> C:\Users\Laura\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1432604938-1182428816-157698692-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.comHKU\S-1-5-21-1432604938-1182428816-157698692-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.comSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 FireFox:========FF ProfilePath: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\jbpqc4lc.defaultFF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1217157.dll No FileFF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKU\S-1-5-21-1432604938-1182428816-157698692-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Laura\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKU\S-1-5-21-1432604938-1182428816-157698692-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: =======CHR Profile: C:\Users\Laura\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]CHR Extension: (Google Drive) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-20]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20]CHR Extension: (YouTube) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-20]CHR Extension: (Google Search) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-20]CHR Extension: (Google Wallet) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-20]CHR Extension: (Gmail) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1616136 2012-11-20] (IVT Corporation)R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-10-23] (IVT Corporation)R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2014-12-03] ()R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)S2 csrcc; "C:\Program Files\shopperz\csrcc.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-04-24] (Advanced Micro Devices)R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation)R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [35832 2015-02-08] ()R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)U4 BthAvrcpTg; No ImagePathU4 BthHFEnum; No ImagePathU4 bthhfhid; No ImagePathR3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49504 2012-10-31] (Ralink Corporation)R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)U0 ikavq; C:\Windows\System32\drivers\dwuywgg.sys [79064 2015-02-19] (Malwarebytes Corporation)R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )U0 lndmkbit; C:\Windows\System32\drivers\daheeyp.sys [79064 2015-02-18] (Malwarebytes Corporation)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-20] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-09] (Ralink Technology, Corp.)U0 uinmwft; C:\Windows\System32\drivers\itftntls.sys [79064 2015-02-18] (Malwarebytes Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-20 10:51 - 2015-02-20 10:51 - 00019211 _____ () C:\Users\Laura\Downloads\FRST.txt2015-02-20 10:50 - 2015-02-20 10:51 - 00000000 ____D () C:\FRST2015-02-20 10:50 - 2015-02-20 10:50 - 02086912 _____ (Farbar) C:\Users\Laura\Downloads\FRST64.exe2015-02-19 23:44 - 2015-02-19 23:44 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\dwuywgg.sys2015-02-18 23:25 - 2015-02-18 23:25 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\daheeyp.sys2015-02-18 09:47 - 2015-02-18 09:47 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\itftntls.sys2015-02-15 22:04 - 2015-02-15 22:04 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler2015-02-14 08:23 - 2015-02-20 08:55 - 00000000 ____D () C:\Users\Laura\AppData\Local\LogMeIn Hamachi2015-02-14 08:23 - 2015-02-14 08:23 - 00000000 ____D () C:\Users\Laura\AppData\Local\LogMeIn2015-02-13 20:02 - 2015-02-19 19:42 - 00000000 ____D () C:\Users\Cole\AppData\Local\LogMeIn Hamachi2015-02-13 20:02 - 2015-02-13 20:02 - 00000000 ____D () C:\Users\Cole\AppData\Local\LogMeIn2015-02-13 20:02 - 2015-02-13 20:02 - 00000000 ____D () C:\ProgramData\LogMeIn2015-02-13 20:00 - 2015-02-13 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi2015-02-13 20:00 - 2015-02-13 20:00 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi2015-02-11 17:06 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2015-02-11 17:06 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2015-02-10 19:51 - 2015-01-10 00:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2015-02-10 19:51 - 2015-01-09 23:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2015-02-10 19:50 - 2015-01-19 11:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll2015-02-10 19:50 - 2015-01-15 15:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2015-02-10 19:50 - 2015-01-15 15:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys2015-02-10 19:50 - 2015-01-13 21:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2015-02-10 19:50 - 2015-01-13 20:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2015-02-10 19:50 - 2015-01-13 15:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll2015-02-10 19:50 - 2015-01-13 15:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll2015-02-10 19:50 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2015-02-10 19:50 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2015-02-10 19:50 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2015-02-10 19:50 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2015-02-10 19:50 - 2015-01-11 19:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2015-02-10 19:50 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2015-02-10 19:50 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2015-02-10 19:50 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2015-02-10 19:50 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2015-02-10 19:50 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2015-02-10 19:50 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2015-02-10 19:50 - 2015-01-11 18:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2015-02-10 19:50 - 2015-01-11 18:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2015-02-10 19:50 - 2015-01-11 18:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll2015-02-10 19:50 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2015-02-10 19:50 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2015-02-10 19:50 - 2015-01-11 18:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2015-02-10 19:50 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2015-02-10 19:50 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2015-02-10 19:50 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2015-02-10 19:50 - 2015-01-11 18:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll2015-02-10 19:50 - 2015-01-11 18:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2015-02-10 19:50 - 2015-01-11 18:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2015-02-10 19:50 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2015-02-10 19:50 - 2015-01-11 18:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll2015-02-10 19:50 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2015-02-10 19:50 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2015-02-10 19:50 - 2015-01-11 18:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2015-02-10 19:50 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2015-02-10 19:50 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2015-02-10 19:50 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2015-02-10 19:50 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2015-02-10 19:50 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2015-02-10 19:50 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2015-02-10 19:50 - 2015-01-10 02:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2015-02-10 19:50 - 2015-01-10 02:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2015-02-10 19:50 - 2015-01-10 01:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2015-02-10 19:50 - 2015-01-10 01:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2015-02-10 19:50 - 2014-12-19 01:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll2015-02-10 19:50 - 2014-12-19 01:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll2015-02-10 19:50 - 2014-12-08 20:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll2015-02-10 19:50 - 2014-12-08 18:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll2015-02-10 19:50 - 2014-12-08 16:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml2015-02-10 19:50 - 2014-10-28 19:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll2015-02-10 19:50 - 2014-10-28 19:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2015-02-10 19:50 - 2014-10-28 19:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2015-02-10 19:50 - 2014-10-28 19:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll2015-02-10 19:50 - 2014-10-28 19:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll2015-02-10 19:50 - 2014-10-28 19:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll2015-02-10 19:50 - 2014-10-28 18:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll2015-02-10 19:50 - 2014-10-28 18:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2015-02-10 19:50 - 2014-10-28 18:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll2015-02-10 19:50 - 2014-10-28 18:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll2015-02-10 19:50 - 2014-10-28 18:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe2015-02-10 19:50 - 2014-10-28 18:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe2015-02-10 19:50 - 2014-10-28 18:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe2015-02-09 21:31 - 2015-02-15 09:31 - 00000000 ____D () C:\Users\Cole\AppData\Local\CrashDumps2015-02-09 15:47 - 2015-02-13 17:23 - 00000000 ____D () C:\Users\Laura\AppData\Local\CrashDumps2015-02-09 13:33 - 2015-02-20 09:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-02-09 13:32 - 2015-02-09 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-02-09 13:32 - 2015-02-09 13:32 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-02-09 13:32 - 2015-02-09 13:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-02-09 13:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-02-09 13:32 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-02-09 13:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-02-09 13:31 - 2015-02-09 13:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Laura\Downloads\mbam-setup-2.0.4.1028.exe2015-02-09 11:44 - 2015-02-09 11:44 - 00000000 ____D () C:\NPE2015-02-09 11:42 - 2015-02-09 11:49 - 00000000 ____D () C:\Users\Laura\AppData\Local\NPE2015-02-09 11:42 - 2015-02-09 11:42 - 03060320 ____N (Symantec Corporation) C:\Users\Laura\Downloads\NPE.exe2015-02-09 11:42 - 2015-02-09 11:42 - 00000000 ____D () C:\ProgramData\Norton2015-02-09 11:41 - 2015-02-09 11:42 - 130955008 _____ (Microsoft Corporation) C:\Users\Laura\Downloads\msert.exe2015-02-09 11:21 - 2015-02-20 10:25 - 01224858 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-09 11:19 - 2015-02-18 17:37 - 00002344 _____ () C:\WINDOWS\setupact.log2015-02-09 11:19 - 2015-02-17 18:41 - 00028860 _____ () C:\WINDOWS\PFRO.log2015-02-09 11:19 - 2015-02-09 11:19 - 00000000 _____ () C:\WINDOWS\setuperr.log2015-02-09 10:47 - 2015-02-09 10:47 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC2015-02-09 10:46 - 2015-02-09 10:46 - 00000000 ____D () C:\Program Files\CCleaner2015-02-09 09:52 - 2015-02-09 09:54 - 05325208 _____ (Piriform Ltd) C:\Users\Laura\Downloads\ccsetup502.exe2015-02-08 23:23 - 2015-02-09 11:19 - 00000000 ____D () C:\AdwCleaner2015-02-08 13:45 - 2015-02-08 13:45 - 00001708 _____ () C:\ProgramData\tempimage.bmp2015-02-08 13:30 - 2015-02-08 13:30 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group2015-02-08 13:28 - 2015-02-08 13:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Laura\Downloads\revosetup.exe2015-02-08 13:02 - 2015-02-08 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR2015-02-08 13:02 - 2015-02-08 13:02 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone2015-02-08 12:59 - 2015-02-08 12:59 - 00035832 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys2015-02-08 12:58 - 2015-02-08 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis2015-02-08 12:58 - 2015-02-08 12:58 - 00003508 _____ () C:\WINDOWS\System32\Tasks\PastaLeads2015-02-08 12:58 - 2015-02-08 12:58 - 00000000 ____D () C:\Program Files (x86)\download Manager2015-02-08 12:46 - 2015-02-08 12:46 - 00329784 _____ () C:\Users\Cole\Downloads\EmeraldMod 1.7.10 Forge V3.5.2.jar2015-02-08 12:43 - 2015-02-08 12:43 - 00004709 _____ () C:\Users\Cole\Downloads\LuckyBlockProperties.zip2015-02-08 12:42 - 2015-02-08 12:42 - 00613392 _____ () C:\Users\Cole\Downloads\Free_Download.exe2015-02-08 12:36 - 2015-02-08 12:37 - 03092531 _____ () C:\Users\Cole\Downloads\forge-1.7.10-10.13.2.1291-installer.jar2015-02-08 12:34 - 2015-02-08 12:34 - 00083487 _____ () C:\Users\Cole\Downloads\[1-7-10]_Lucky_Block_v5-1-0.jar.zip2015-02-08 12:27 - 2015-02-08 12:27 - 00096632 _____ () C:\Users\Cole\Downloads\emerald and obsidian mod v1.2.zip2015-02-07 16:38 - 2015-02-07 16:38 - 00094438 _____ () C:\Users\Cole\Downloads\LuckyBlock_1-8-1_v5-2-0.jar (1).zip2015-02-07 16:34 - 2015-02-07 16:34 - 00000000 ____D () C:\Users\Cole\Downloads\LuckyBlock_1-8-1_v5-2-0.jar2015-02-07 16:27 - 2015-02-07 16:27 - 03340779 _____ () C:\Users\Cole\Downloads\forge-1.8-11.14.0.1299-installer (2).jar2015-02-07 16:27 - 2015-02-07 16:27 - 03340779 _____ () C:\Users\Cole\Downloads\forge-1.8-11.14.0.1299-installer (1).jar2015-02-07 16:25 - 2015-02-07 16:26 - 03340779 _____ () C:\Users\Cole\Downloads\forge-1.8-11.14.0.1299-installer.jar2015-02-07 16:23 - 2015-02-19 17:11 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\.minecraft2015-02-07 16:22 - 2015-02-07 16:14 - 00094438 _____ () C:\Users\Cole\Desktop\LuckyBlock_1-8-1_v5-2-0.jar.zip2015-02-07 16:14 - 2015-02-07 16:14 - 00094438 _____ () C:\Users\Cole\Downloads\LuckyBlock_1-8-1_v5-2-0.jar.zip2015-02-06 21:20 - 2015-02-06 21:20 - 02984529 _____ () C:\Users\Cole\Downloads\Babylon.zip2015-02-06 13:27 - 2015-02-06 13:27 - 00000000 __SHD () C:\Users\Laura\AppData\Local\EmieUserList2015-02-06 13:27 - 2015-02-06 13:27 - 00000000 __SHD () C:\Users\Laura\AppData\Local\EmieSiteList2015-02-06 13:27 - 2015-02-06 13:27 - 00000000 __SHD () C:\Users\Laura\AppData\Local\EmieBrowserModeList2015-02-04 20:26 - 2015-02-04 20:26 - 00000000 ____D () C:\Users\Cole\AppData\Local\Apple2015-01-28 15:30 - 2015-01-28 15:30 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\java2015-01-28 11:49 - 2015-01-28 11:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2015-01-24 22:31 - 2015-01-24 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2015-01-24 22:30 - 2015-01-24 22:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime2015-01-24 22:30 - 2015-01-24 22:30 - 00000000 ____D () C:\ProgramData\Apple Computer2015-01-23 09:06 - 2015-01-23 09:06 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Apple Computer2015-01-23 09:04 - 2015-02-03 12:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-01-23 09:04 - 2015-02-03 12:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-01-22 20:19 - 2015-01-22 20:19 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\Apple Computer2015-01-22 19:03 - 2015-01-22 19:03 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2015-01-22 19:03 - 2015-01-22 19:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple2015-01-22 19:03 - 2015-01-22 19:03 - 00000000 ____D () C:\Users\Laura\AppData\Local\Apple2015-01-22 19:03 - 2015-01-22 19:03 - 00000000 ____D () C:\ProgramData\Apple2015-01-22 19:03 - 2015-01-22 19:03 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update2015-01-22 19:02 - 2015-01-22 19:02 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-20 10:31 - 2014-08-09 12:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2015-02-20 10:16 - 2014-07-11 21:39 - 00000576 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1432604938-1182428816-157698692-1001.job2015-02-20 10:04 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-02-20 10:03 - 2014-06-20 22:41 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-02-20 10:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-20 09:36 - 2012-10-23 17:34 - 00000834 _____ () C:\WINDOWS\SysWOW64\bscs.ini2015-02-20 09:33 - 2013-10-22 22:38 - 00004268 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI2015-02-20 09:33 - 2013-10-22 22:38 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI2015-02-20 09:28 - 2014-06-20 22:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1432604938-1182428816-157698692-10012015-02-20 08:59 - 2014-06-20 22:57 - 00000000 ____D () C:\Users\Laura\AppData\Local\Adobe2015-02-20 08:52 - 2014-06-20 22:33 - 00000062 _____ () C:\Users\Laura\AppData\Roaming\sp_data.sys2015-02-19 23:44 - 2013-05-01 02:37 - 00000000 ____D () C:\WINDOWS\fr2015-02-19 22:25 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2015-02-19 20:35 - 2014-11-27 21:53 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\Curse Client2015-02-19 19:39 - 2014-06-28 19:10 - 00000062 _____ () C:\Users\Cole\AppData\Roaming\sp_data.sys2015-02-19 19:38 - 2015-01-17 09:46 - 00000000 ___RD () C:\Users\Cole\OneDrive2015-02-19 18:14 - 2014-06-28 19:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1432604938-1182428816-157698692-10022015-02-19 16:04 - 2014-06-20 22:41 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-02-18 18:56 - 2014-08-05 13:45 - 00000000 ____D () C:\Program Files (x86)\Steam2015-02-18 17:40 - 2014-09-24 00:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-02-17 22:51 - 2014-10-10 10:14 - 00000000 ____D () C:\Users\Laura2015-02-17 22:00 - 2014-10-10 10:14 - 00000000 ____D () C:\Users\Cole2015-02-17 18:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Speech2015-02-17 18:41 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-02-16 09:37 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI2015-02-12 23:09 - 2014-07-11 21:39 - 00003572 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1432604938-1182428816-157698692-10012015-02-12 22:13 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed2015-02-11 19:14 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache2015-02-11 17:05 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-02-11 10:18 - 2013-08-22 07:44 - 00337864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2015-02-11 10:16 - 2013-08-22 08:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker2015-02-10 23:09 - 2014-06-26 19:35 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-02-10 23:00 - 2014-06-26 19:35 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-02-09 14:00 - 2014-06-30 09:26 - 00000000 ___RD () C:\Users\Laura\Desktop\its the clean desktop folder2015-02-09 13:54 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Registration2015-02-09 10:56 - 2014-10-10 11:03 - 00000000 ___DC () C:\WINDOWS\Panther2015-02-08 22:43 - 2014-06-28 19:16 - 00000000 ____D () C:\Users\Cole\AppData\Local\Battle.net2015-02-08 20:51 - 2014-06-24 18:56 - 00000000 ____D () C:\Program Files (x86)\Battle.net2015-02-06 09:43 - 2014-06-20 23:05 - 00000000 ____D () C:\Users\Laura\Desktop\AAA FDP2015-02-04 15:58 - 2014-06-20 22:41 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-04 15:58 - 2014-06-20 22:41 - 00003656 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-04 15:58 - 2014-06-20 22:41 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-02-04 15:31 - 2014-08-09 12:56 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater2015-02-04 10:08 - 2014-08-09 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2015-02-01 16:48 - 2014-06-28 19:10 - 00000000 ____D () C:\Users\Cole\AppData\Local\Packages2015-01-28 10:35 - 2015-01-09 22:27 - 00000000 ____D () C:\Program Files (x86)\Java2015-01-28 10:16 - 2015-01-09 22:28 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe2015-01-28 10:16 - 2015-01-09 22:28 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe2015-01-28 10:16 - 2015-01-09 22:28 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe2015-01-28 10:16 - 2015-01-09 22:28 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll2015-01-28 10:16 - 2014-08-06 16:44 - 00000000 ____D () C:\ProgramData\Oracle2015-01-28 10:08 - 2013-05-01 02:34 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2015-01-22 08:57 - 2015-01-06 22:30 - 00000000 ____D () C:\Users\Laura\Desktop\School ==================== Files in the root of some directories ======= 2014-06-20 22:33 - 2015-02-20 08:52 - 0000062 _____ () C:\Users\Laura\AppData\Roaming\sp_data.sys2014-10-15 12:34 - 2014-10-15 12:34 - 0001456 _____ () C:\Users\Laura\AppData\Local\Adobe Save for Web 13.0 Prefs2014-06-26 16:38 - 2014-06-26 19:19 - 0001217 _____ () C:\ProgramData\hpzinstall.log2013-05-01 02:34 - 2012-09-07 04:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd2013-05-01 02:34 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe2013-05-01 02:34 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS2015-02-08 13:45 - 2015-02-08 13:45 - 0001708 _____ () C:\ProgramData\tempimage.bmp Files to move or delete:====================C:\ProgramData\SetStretch.exeC:\ProgramData\SetStretch.VBS Some content of TEMP:====================C:\Users\Laura\AppData\Local\Temp\0EC7CA1C-442F-ACD8-5237-136F59B159D8.exeC:\Users\Laura\AppData\Local\Temp\B663B43C-99A6-5DCF-9521-65BEDC2412F1.dllC:\Users\Laura\AppData\Local\Temp\B663B43C-99A6-5DCF-9521-65BEDC2412F1.exeC:\Users\Laura\AppData\Local\Temp\Itibiti_Knctr_C.exeC:\Users\Laura\AppData\Local\Temp\OnlineBackup.exeC:\Users\Laura\AppData\Local\Temp\Quarantine.exeC:\Users\Laura\AppData\Local\Temp\sqlite3.dllC:\Users\Laura\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-17 19:33 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01Ran by Laura at 2015-02-20 10:52:13Running from C:\Users\Laura\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAdobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.1 - Adobe Systems Incorporated)Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)AMD Catalyst Install Manager (HKLM\...\{E3D3EE63-5570-DCB9-45F8-4CF03349AFD8}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS)ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.0 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) HiddenAsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)Azteca (x32 Version: 2.2.0.97 - WildTangent) HiddenBattle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) HiddenBing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenC410 (x32 Version: 140.0.353.000 - Hewlett-Packard) HiddenCanon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDestinations (x32 Version: 140.0.253.000 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenDocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) HiddenFax (x32 Version: 140.0.307.000 - Hewlett-Packard) HiddenGalería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenGalerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenGarry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenGoToMeeting 6.4.12.2331 (HKU\S-1-5-21-1432604938-1182428816-157698692-1001\...\GoToMeeting) (Version: 6.4.12.2331 - CitrixOnline)GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) HiddenHi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{951AF289-1B6A-44CA-B4F3-259BFC49148F}) (Version: 14.0 - HP)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) HiddenHPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) HiddenHPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenHPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) HiddenJava 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)League of Legends (x32 Version: 3.0.1 - Riot Games) HiddenLogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenMicrosoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)Network64 (Version: 140.0.306.000 - Hewlett-Packard) HiddenOCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)OEM Application Profile (HKLM-x32\...\{769E695A-F93F-803E-3763-9A00A0E38786}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)Peggle (x32 Version: 2.2.0.95 - WildTangent) HiddenPenguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPhotodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)ProShow Gold (HKLM-x32\...\ProShow Gold) (Version: - Photodex Corporation)PS_AIO_07_C410_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) HiddenQuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) HiddenRalink Bluetooth Stack64 (HKLM\...\{91C2E5B8-B01E-C13A-24D7-957DA8A22821}) (Version: 9.0.727.3 - Ralink Corporation)Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) HiddenShared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2529.2 - Hi-Rez Studios)SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) HiddenStatus (x32 Version: 140.0.342.000 - Hewlett-Packard) HiddenSteam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) HiddenTeam Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) HiddenTrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) HiddenUpdate Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenWebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) HiddenWildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) HiddenWindows Driver Package - ASUS (ATP) Mouse (05/09/2013 1.0.0.173) (HKLM\...\1016059FBF327ED9E3BAE758BD08CF10D3C6252D) (Version: 05/09/2013 1.0.0.173 - ASUS)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1432604938-1182428816-157698692-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Laura\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Restore Points ========================= 08-02-2015 13:13:10 Restore Operation11-02-2015 19:08:27 Windows Update13-02-2015 19:59:47 Installed LogMeIn Hamachi ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06482FDA-A496-45D4-A948-D0634B54DF3D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)Task: {0959E249-EBB3-4C7B-8DA6-AF7F9DFC7529} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-06-19] (ASUS)Task: {15121D7A-8C7A-41DC-87D7-49D65C6952B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-20] (Google Inc.)Task: {2283CD1F-122F-4747-9E88-0DF80A6063E2} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Laura => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)Task: {39F85ADB-1421-4A4B-9E3C-895A15F8DC4A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)Task: {4ACE709B-A361-498C-A301-F3F821A23DE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)Task: {4FB7E107-77B3-4AF1-94BD-1DF6850EA2FC} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-06-28] (AsusTek)Task: {5CBC7B5F-0958-49AC-AFC6-47B012697A6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-20] (Google Inc.)Task: {71292AA7-C0C1-4AB6-89F9-2C8F6986F108} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)Task: {87EE6124-851B-435C-B87A-A196AE21D295} - System32\Tasks\{860962E8-CA2D-4C70-ABD8-A8AA92627A67} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"Task: {8DA8DB9E-F432-46C3-A97F-D5EE89F9815A} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)Task: {8F598A82-836E-4B18-BB62-D5DBDBBD63F6} - System32\Tasks\G2MUpdateTask-S-1-5-21-1432604938-1182428816-157698692-1001 => C:\Users\Laura\AppData\Local\Citrix\GoToMeeting\2331\g2mupdate.exe [2015-02-12] (Citrix Online, a division of Citrix Systems, Inc.)Task: {9E5EA607-9846-4314-A91A-7A4EE52A6C48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)Task: {A42B3946-5A11-4CE6-A606-19ECA42105D4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)Task: {B1929B17-156F-47B0-A6AB-6122DA2AD2D9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)Task: {B99E1F08-96D4-4257-99FB-2A763D6C2897} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)Task: {BAC1E830-3627-451B-848D-A20BB50E2DB6} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1432604938-1182428816-157698692-1002Task: {C822CC25-1108-4B98-B8B1-C03457735784} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exeTask: {E1E4928F-7E5E-46EA-8801-6C5D51EA4922} - System32\Tasks\PastaLeads => C:\Program Files (x86)\pastaleads\ScheduledTask.exeTask: {E7EA0BCC-7320-4DC0-83E7-6C45A22E1A70} - System32\Tasks\{FF345EDC-2B23-455D-BAD9-20572D8B31B5} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"Task: {E82F9C90-E040-4661-AF93-C1ACFB274434} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)Task: {EC7620B7-E065-40FF-B11F-B9A8BE2C5B5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {ECE52131-F74E-462A-9435-089FD4B809A8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-10] (Microsoft Corporation)Task: {F69571A1-8F1E-409A-A975-4E65CFD107AC} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()Task: {F7E188FF-FD79-4F0D-8992-ADD62B0DCA62} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1432604938-1182428816-157698692-1001.job => C:\Users\Laura\AppData\Local\Citrix\GoToMeeting\2331\g2mupdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe2014-09-26 14:40 - 2014-12-03 23:38 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe2012-10-23 17:31 - 2012-10-23 17:31 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll2012-10-23 17:31 - 2012-10-23 17:31 - 00029960 _____ () C:\Windows\system32\BsTrace.dll2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll2013-06-19 20:49 - 2013-06-19 20:49 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll2014-11-08 19:22 - 2014-11-08 19:22 - 00575688 _____ () C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\AgKernel.dll2014-11-08 19:23 - 2014-11-08 19:23 - 00368328 _____ () C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\WFCore.dll2014-11-08 19:23 - 2014-11-08 19:23 - 00033992 _____ () C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\WFSQLite.dll2014-11-08 19:23 - 2014-11-08 19:23 - 00097480 _____ () C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\WFWeb.dll2014-11-08 19:23 - 2014-11-08 19:23 - 00892616 _____ () C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\WFOzClient.dll2014-11-08 19:23 - 2014-11-08 19:23 - 00029896 _____ () C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\LightroomModels.dll2014-11-08 19:24 - 2014-11-08 19:24 - 00114888 _____ () C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\moxplugins\AppManagerLR.mox2014-11-08 19:24 - 2014-11-08 19:24 - 00246472 _____ () C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\moxplugins\wpdmanager.mox2012-10-23 17:31 - 2012-10-23 17:31 - 00029960 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll2012-10-23 17:31 - 2012-10-23 17:31 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll2012-10-23 17:31 - 2012-10-23 17:31 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll2012-10-23 17:25 - 2012-10-23 17:25 - 00335176 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll2011-07-05 10:53 - 2011-07-05 10:53 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll2012-10-23 17:31 - 2012-10-23 17:31 - 00079624 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll2012-10-23 17:31 - 2012-10-23 17:31 - 00363784 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll2012-10-23 17:31 - 2012-10-23 17:31 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll2015-02-19 16:04 - 2015-02-17 15:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll2015-02-19 16:04 - 2015-02-17 15:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll2015-02-19 16:04 - 2015-02-17 15:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Cole\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1432604938-1182428816-157698692-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaperDNS Servers: 68.105.28.11 - 68.105.29.11 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "shopperz" ==================== Accounts: ============================= Administrator (S-1-5-21-1432604938-1182428816-157698692-500 - Administrator - Disabled)Cole (S-1-5-21-1432604938-1182428816-157698692-1002 - Limited - Enabled) => C:\Users\ColeGuest (S-1-5-21-1432604938-1182428816-157698692-501 - Limited - Enabled) => C:\Users\GuestLaura (S-1-5-21-1432604938-1182428816-157698692-1001 - Administrator - Enabled) => C:\Users\Laura ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1023) (User: )Description: rdyboost4 Error: (02/19/2015 07:39:22 PM) (Source: PerfNet) (EventID: 2004) (User: )Description: Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4 Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: LsaC:\Windows\System32\Secur32.dll4 Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: ESENTC:\WINDOWS\system32\esentprf.dll4 Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll4 Error: (02/19/2015 04:59:08 PM) (Source: Perflib) (EventID: 1008) (User: )Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 Error: (02/19/2015 04:59:08 PM) (Source: Perflib) (EventID: 1023) (User: )Description: rdyboost4 System errors:=============Error: (02/19/2015 11:34:28 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/19/2015 07:39:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (02/19/2015 06:14:44 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/19/2015 04:58:23 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/19/2015 04:24:20 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/19/2015 03:33:11 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/19/2015 03:33:11 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/18/2015 10:17:17 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/17/2015 10:00:05 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/17/2015 10:00:05 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Microsoft Office Sessions:=========================Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1023) (User: )Description: rdyboost4 Error: (02/19/2015 07:39:22 PM) (Source: PerfNet) (EventID: 2004) (User: )Description: Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4 Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: LsaC:\Windows\System32\Secur32.dll4 Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: ESENTC:\WINDOWS\system32\esentprf.dll4 Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/19/2015 07:39:22 PM) (Source: Perflib) (EventID: 1008) (User: )Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll4 Error: (02/19/2015 04:59:08 PM) (Source: Perflib) (EventID: 1008) (User: )Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 Error: (02/19/2015 04:59:08 PM) (Source: Perflib) (EventID: 1023) (User: )Description: rdyboost4 ==================== Memory info =========================== Processor: AMD A10-5750M APU with Radeon HD Graphics Percentage of memory in use: 30%Total physical RAM: 7378.4 MBAvailable physical RAM: 5137.13 MBTotal Pagefile: 8530.4 MBAvailable Pagefile: 5342.56 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:86.54 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (DATA) (Fixed) (Total:398.07 GB) (Free:397.83 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 698.6 GB) (Disk ID: 098FA470) Partition: GPT Partition Type. ==================== End Of Log ============================
  9. I reset it and the program is working but I believe I just will have to have java on the web from now on... don't know how big a security threat that is?
  10. ummm I don't suppose you could help me with one other thing? I reinstalled java and took it off my internet. But I do use a program that uses it and I'm not sure now how to get it back working... http://www.roeslaunch.com/ROES/labs/WHCC/ I uploaded the launch.jnlp and accidentally assigned it to acrobat. It wouldn't open before I assigned it a program. I'm not sure how it uses java... (should I let java run in my browser?)
  11. Thanks so much- you've been awesome! Computer seems great! :0)
  12. ok- its like layers on layers here... The luma pix (last entry) *should* be a normal program that I use... C:\Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\Adobe.Photoshop.CS4.Extended-Crack.exe a variant of Win32/HackTool.Patcher.D application C:\Program Files (x86)\Adobe\Adobe Photoshop CS4\Adobe.Photoshop.CS4.Extended-Crack.exe a variant of Win32/HackTool.Patcher.D application C:\Users\Laura Siivola\Desktop\Adobe CD\Adobe CS4 Suite\PhsotoshopCS4\Adobe.Photoshop.CS4.Extended-Crack.exe a variant of Win32/HackTool.Patcher.D application C:\Users\Laura Siivola\Desktop\Adobe CD\Adobe_IndesignCS4\disable_activation.cmd BAT/HostsChanger.A application C:\_OTL\MovedFiles\03042013_122455\C_Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application E:\to drobo\Resources\LumaPixSetup(2).exe a variant of Win32/Packed.Themida application
  13. thaaat was... quicker than I expected! :0) As far as how it's running; I haven't really had any slowness problems since this morning, but I will restart and if there are any problems I will get back... Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:57:12 PM, on 3/4/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\AVG\AVG2013\avgcsrvx.exe C:\PROGRA~2\HP\DIGITA~1\bin\hpqgpc01.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe C:\Users\Laura Siivola\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [DDAssist] C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe O4 - HKUS\S-1-5-21-1603802303-299002482-1763937386-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1603802303-299002482-1763937386-1003\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (User 'UpdatusUser') O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Dropbox.lnk = Laura Siivola\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GamesAppService - Unknown owner - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Yontoo Desktop Updater - Unknown owner - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (file missing) -- End of file - 13482 bytes
  14. 1st.... (downloading hijack now, will post later) Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.05.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Laura Siivola :: HP [administrator] Protection: Enabled 3/4/2013 11:47:30 PM mbam-log-2013-03-04 (23-47-30).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 234206 Time elapsed: 5 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  15. Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Digital Editions 2.0 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Center 1.0 Adobe Media Player Adobe Photoshop CS2 Adobe Photoshop CS3 Extended - Version 10 Adobe Reader XI Adobe Shockwave Player 11.5 Adobe Stock Photos 1.0 Amazon MP3 Downloader 1.0.17 Apple Application Support Apple Software Update BufferChm C410 Coupon Printer for Windows CuteFTP 8 Lite CyberLink DVD Suite Deluxe Destinations DeviceDiscovery DirectX for Managed Code Update (Summer 2004) DocProc Drobo Dashboard Dropbox DVD Menu Pack for HP MediaSmart Video Facebook Plug-In Fax FotoFusion v4 Google Update Helper GPBaseService2 Hewlett-Packard ACLM.NET v1.2.1.1 HP Advisor HP Customer Experience Enhancements HP Games HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP MediaSmart/TouchSmart Netflix HP Odometer HP Photo Creations HP Product Detection HP Support Assistant HP Support Information HP Update HPAppStudio HPDiagnosticAlert HPPhotoGadget HPProductAssistant HPSSupply Hulu Desktop I.R.I.S. OCR IKEA Home Planner Kitchen Java 7 Update 15 Java Auto Updater Junk Mail filter update LabelPrint League of Legends LightScribe System Software Malwarebytes Anti-Malware version 1.70.0.1100 MarketResearch Marketsplash Shortcuts McAfee Security Scan Plus Microsoft Choice Guard Microsoft Live Search Toolbar Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 19.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OverDrive Media Console Photo Mechanic 5 PictureMover Plants vs. Zombies Power2Go PowerDirector Prism Video File Converter PS_AIO_07_C410_SW_Min QuickTime QuickTransfer RAD Video Tools Rapport Realtek High Definition Audio Driver Recovery Manager RescuePRO 3.5 Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Showit Effects 2.0 Showit Web 2.7 SmartWebPrinting SolutionCenter Spelling Dictionaries Support For Adobe Reader 9 Status The Rosetta Stone Toolbox TrayApp Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables WebReg WildTangent Games App Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer WinRAR 4.00 (32-bit) World of Warcraft
  16. well it's not running... I looked up in my msconfig and it's in there, but the box is not checked to run on startup. What do you make of that?
  17. I don't see yontoo running. I'm going to restart and write again...
  18. ========== OTL ========== Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-1603802303-299002482-1763937386-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully. File Protocol\Handler\avgsecuritytoolbar - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully. File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. File Protocol\Handler\livecall - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully. File Protocol\Handler\ms-itss - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. File Protocol\Handler\msnim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. File Protocol\Handler\wlmailhtml - No CLSID value found not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully. File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully. File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. No active process named Program Files was found! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9987411E-AEC8-4F14-85BC-EDAADE26C195}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9987411E-AEC8-4F14-85BC-EDAADE26C195}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9987411E-AEC8-4F14-85BC-EDAADE26C195}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9987411E-AEC8-4F14-85BC-EDAADE26C195}\ not found. Registry key HKEY_USERS\S-1-5-21-1603802303-299002482-1763937386-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9987411E-AEC8-4F14-85BC-EDAADE26C195}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9987411E-AEC8-4F14-85BC-EDAADE26C195}\ not found. C:\Users\Laura Siivola\AppData\Roaming\Mozilla\Firefox\Profiles\tcbdm3o3.default\extensions\exif_viewer@mozilla.doslash.org.xpi moved successfully. Prefs.js: exif_viewer%40mozilla.doslash.org:2.00 removed from extensions.enabledAddons C:\Users\Laura Siivola\AppData\Roaming\Yontoo\dat\update folder moved successfully. C:\Users\Laura Siivola\AppData\Roaming\Yontoo\dat folder moved successfully. Folder move failed. C:\Users\Laura Siivola\AppData\Roaming\Yontoo scheduled to be moved on reboot. C:\Program Files (x86)\Yontoo folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Laura Siivola\Desktop\cmd.bat deleted successfully. C:\Users\Laura Siivola\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Laura Siivola ->Java cache emptied: 0 bytes User: Public User: UpdatusUser Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 41620 bytes User: Default User ->Flash cache emptied: 0 bytes User: Laura Siivola ->Flash cache emptied: 2795943 bytes User: Public User: UpdatusUser ->Flash cache emptied: 41620 bytes Total Flash Files Cleaned = 3.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03042013_122455 Files\Folders moved on Reboot... C:\Users\Laura Siivola\AppData\Roaming\Yontoo folder moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  19. just in case this might be helpful? when I started firefox this morning it was being a little slow to open. I went to task manager and ended yontoo before firefox opened up and when the browser did finally open, I got this: File not found Firefox can't find the file at /C:/users/lauras~1/appdata/local/temp/dbxlvhn75d.html#3fe99cf1a3ac6845138f2f38bc1aab1168769dca880a79f2759c3587b331925a7d5ac855e191756a67ddbe.
  20. OTL logfile created on: 3/3/2013 8:45:03 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laura Siivola\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 62.34% Memory free 7.50 Gb Paging File | 5.37 Gb Available in Paging File | 71.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 585.31 Gb Total Space | 382.39 Gb Free Space | 65.33% Space Free | Partition Type: NTFS Drive D: | 10.76 Gb Total Space | 1.57 Gb Free Space | 14.60% Space Free | Partition Type: NTFS Drive E: | 1863.01 Gb Total Space | 528.00 Gb Free Space | 28.34% Space Free | Partition Type: NTFS Drive F: | 697.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: HP | User Name: Laura Siivola | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Laura Siivola\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (Microsoft) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe (Drobo, Inc.) PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.) DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.) DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys () DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{5EE7A2B6-6E58-4E02-85E8-7984BCB134FC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{9987411E-AEC8-4F14-85BC-EDAADE26C195}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{5EE7A2B6-6E58-4E02-85E8-7984BCB134FC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9987411E-AEC8-4F14-85BC-EDAADE26C195}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1001\..\SearchScopes\{49D4691C-F57F-482B-8D4C-26B7946DC1A6}: "URL" = http://search.avg.com/route/?d=4cbbc229&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1001\..\SearchScopes\{5EE7A2B6-6E58-4E02-85E8-7984BCB134FC}: "URL" = http://www.bing.com/search?q={searchTerms}&r=797 IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1001\..\SearchScopes\{9987411E-AEC8-4F14-85BC-EDAADE26C195}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1 IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKU\S-1-5-21-1603802303-299002482-1763937386-1003\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en" FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00 FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055 FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.3 FF - prefs.js..extensions.enabledItems: {FBD8D33E-0FF7-4a71-BE2F-FD0B6F3C64A9}:0.5.9b FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Laura Siivola\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll () FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/28 11:49:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/20 06:55:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/19 18:28:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/28 11:49:11 | 000,000,000 | ---D | M] [2010/03/26 17:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura Siivola\AppData\Roaming\Mozilla\Extensions [2013/03/02 19:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura Siivola\AppData\Roaming\Mozilla\Firefox\Profiles\tcbdm3o3.default\extensions [2010/08/31 13:02:06 | 000,000,000 | ---D | M] ("SmugBrowser") -- C:\Users\Laura Siivola\AppData\Roaming\Mozilla\Firefox\Profiles\tcbdm3o3.default\extensions\{FBD8D33E-0FF7-4a71-BE2F-FD0B6F3C64A9} [2013/03/02 19:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura Siivola\AppData\Roaming\Mozilla\Firefox\Profiles\ventrwzg.default\extensions [2012/08/30 08:39:38 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\Laura Siivola\AppData\Roaming\Mozilla\Firefox\Profiles\tcbdm3o3.default\extensions\exif_viewer@mozilla.doslash.org.xpi [2012/09/13 07:05:44 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Laura Siivola\AppData\Roaming\Mozilla\Firefox\Profiles\tcbdm3o3.default\extensions\testpilot@labs.mozilla.com.xpi [2011/12/31 09:46:27 | 000,074,526 | ---- | M] () (No name found) -- C:\Users\Laura Siivola\AppData\Roaming\Mozilla\Firefox\Profiles\tcbdm3o3.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2013/02/19 22:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/02/19 18:28:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/02/19 18:28:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013/02/19 18:28:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013/02/15 17:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2013/02/15 17:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/02/15 17:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2013/03/03 16:00:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found O3 - HKU\S-1-5-21-1603802303-299002482-1763937386-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKU\S-1-5-21-1603802303-299002482-1763937386-1001..\Run: [DDAssist] C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe (Drobo, Inc.) O4 - HKU\S-1-5-21-1603802303-299002482-1763937386-1003..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1603802303-299002482-1763937386-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Laura Siivola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\Laura Siivola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Laura Siivola\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1603802303-299002482-1763937386-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1603802303-299002482-1763937386-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1603802303-299002482-1763937386-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{648B8D42-6B59-48CD-9C37-A35B7ACE060D}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/03 16:18:31 | 000,000,000 | ---D | C] -- C:\Users\Laura Siivola\AppData\Roaming\HP [2013/03/03 16:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013/03/03 16:13:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/03/02 19:48:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/03/02 19:48:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/03/02 19:48:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/03/02 19:48:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/02 19:47:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/03/02 19:46:40 | 005,036,260 | R--- | C] (Swearware) -- C:\Users\Laura Siivola\Desktop\ComboFix.exe [2013/03/02 19:32:00 | 000,000,000 | ---D | C] -- C:\Windows\snack [2013/03/02 19:29:03 | 000,000,000 | ---D | C] -- C:\Users\Laura Siivola\Desktop\RK_Quarantine [2013/03/02 12:43:50 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Laura Siivola\Desktop\dds.scr [2013/03/02 09:09:51 | 000,000,000 | ---D | C] -- C:\Users\Laura Siivola\AppData\Roaming\Malwarebytes [2013/03/02 09:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/02 09:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/02 09:09:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/03/02 09:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/03/02 09:09:16 | 000,000,000 | ---D | C] -- C:\Users\Laura Siivola\AppData\Local\Programs [2013/03/01 23:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013/03/01 23:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/03/01 23:23:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Laura Siivola\Desktop\OTL.exe [2013/02/28 11:29:14 | 000,000,000 | ---D | C] -- C:\Users\Laura Siivola\AppData\Local\Adobe_Systems_Incorporate [2013/02/27 23:05:46 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013/02/27 23:05:45 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013/02/27 23:05:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013/02/27 23:05:45 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013/02/27 23:05:28 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013/02/27 23:05:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013/02/27 23:05:21 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013/02/27 23:05:21 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013/02/27 23:05:21 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013/02/27 23:05:21 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013/02/27 23:05:21 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 23:05:21 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 23:05:21 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 23:05:21 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 23:05:21 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 23:05:21 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 23:05:21 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 23:05:21 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 23:05:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 23:05:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 23:05:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 23:05:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 23:05:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 23:05:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 23:05:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 23:05:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 23:05:21 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 23:05:21 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 23:05:20 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/02/27 23:05:20 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013/02/27 23:05:20 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/02/27 23:05:20 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013/02/27 23:05:20 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013/02/27 23:05:20 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013/02/27 23:05:20 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013/02/27 23:05:20 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013/02/27 23:05:20 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013/02/27 23:05:20 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013/02/27 23:05:20 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013/02/27 23:05:19 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013/02/27 23:05:19 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/02/26 10:47:59 | 000,000,000 | ---D | C] -- C:\Users\Laura Siivola\AppData\Roaming\iPumper [2013/02/26 10:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/02/26 10:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/02/26 10:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/02/26 10:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/02/25 13:11:16 | 000,000,000 | ---D | C] -- C:\Users\Laura Siivola\AppData\Local\CRE [2013/02/22 10:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Camera Bits, Inc [2013/02/22 10:35:50 | 000,000,000 | ---D | C] -- C:\Users\Laura Siivola\AppData\Roaming\Camera Bits, Inc [2013/02/22 10:17:18 | 000,143,360 | ---- | C] (Camera Bits, Inc.) -- C:\Windows\SysNative\PMAutoplay.exe [2013/02/22 10:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Mechanic 5 [2013/02/22 10:17:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Camera Bits [2013/02/19 21:50:08 | 000,000,000 | ---D | C] -- C:\Users\Laura Siivola\AppData\Roaming\Yontoo [2013/02/19 21:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2013/02/19 18:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/02/19 16:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/02/19 16:29:35 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/02/19 16:29:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/02/19 16:29:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/02/19 16:29:16 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/02/13 07:03:01 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/13 07:03:01 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/13 07:03:00 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/13 07:02:36 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/13 07:02:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/13 07:02:33 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/13 07:02:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/13 07:02:33 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/13 07:02:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/13 07:02:32 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/13 07:02:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/13 07:02:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/13 07:02:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/13 07:02:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/13 07:02:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/13 07:02:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/13 07:02:12 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/12 10:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/02/09 09:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013/02/06 08:44:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak ========== Files - Modified Within 30 Days ========== [2013/03/03 20:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/03 19:58:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/03 19:02:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/03 16:26:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/03 16:26:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/03 16:17:42 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/03 16:16:51 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys [2013/03/03 16:00:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/03/03 15:49:16 | 005,036,260 | R--- | M] (Swearware) -- C:\Users\Laura Siivola\Desktop\ComboFix.exe [2013/03/02 19:32:25 | 000,042,496 | ---- | M] () -- C:\Windows\SysNative\drivers\watchdog.sys.dump [2013/03/02 19:32:06 | 000,129,024 | ---- | M] () -- C:\Windows\SysNative\drivers\videoprt.sys.dump [2013/03/02 19:01:15 | 000,000,158 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/03/02 18:56:44 | 000,816,640 | ---- | M] () -- C:\Users\Laura Siivola\Desktop\RogueKiller.exe [2013/03/02 18:56:14 | 000,594,019 | ---- | M] () -- C:\Users\Laura Siivola\Desktop\adwcleaner.exe [2013/03/02 12:44:34 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Laura Siivola\Desktop\dds.scr [2013/03/02 09:28:26 | 000,001,913 | ---- | M] () -- C:\Users\Laura Siivola\Desktop\Adobe PhotoShop CS3 Extended.lnk [2013/03/01 23:30:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/03/01 23:23:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laura Siivola\Desktop\OTL.exe [2013/02/28 11:28:53 | 000,002,202 | ---- | M] () -- C:\Users\Laura Siivola\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk [2013/02/28 11:28:53 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk [2013/02/28 11:04:01 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job [2013/02/27 20:38:22 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/27 20:38:22 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/27 20:38:22 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/27 00:13:14 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/27 00:13:14 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/26 10:09:24 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/02/22 10:17:18 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Photo Mechanic 5.lnk [2013/02/20 20:55:51 | 000,038,438 | ---- | M] () -- C:\Users\Laura Siivola\AppData\Roaming\Comma Separated Values (DOS).ADR [2013/02/19 22:05:57 | 000,002,046 | ---- | M] () -- C:\Users\Laura Siivola\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/02/19 22:05:57 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/02/19 16:29:11 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/02/19 16:29:10 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013/02/19 16:29:10 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/02/19 16:29:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/02/19 16:29:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/02/19 16:29:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/02/13 17:15:54 | 003,075,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/13 17:15:39 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLaura Siivola.job [2013/02/12 10:23:08 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/02/09 09:10:19 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013/02/09 09:10:19 | 000,002,008 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013/02/06 07:59:22 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys ========== Files Created - No Company Name ========== [2013/03/02 19:48:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/03/02 19:48:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/03/02 19:48:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/03/02 19:48:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/03/02 19:48:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/03/02 19:32:28 | 000,785,512 | ---- | C] () -- C:\Windows\SysNative\drivers\Wdf01000.sys.dump [2013/03/02 19:32:26 | 000,021,056 | ---- | C] () -- C:\Windows\SysNative\drivers\wd.sys.dump [2013/03/02 19:32:25 | 000,042,496 | ---- | C] () -- C:\Windows\SysNative\drivers\watchdog.sys.dump [2013/03/02 19:32:24 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\drivers\wanarp.sys.dump [2013/03/02 19:32:23 | 000,027,776 | ---- | C] () -- C:\Windows\SysNative\drivers\wacompen.sys.dump [2013/03/02 19:32:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysNative\drivers\vwififlt.sys.dump [2013/03/02 19:32:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\drivers\vwifimp.sys.dump [2013/03/02 19:32:21 | 000,161,872 | ---- | C] () -- C:\Windows\SysNative\drivers\vsmraid.sys.dump [2013/03/02 19:32:21 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\drivers\vwifibus.sys.dump [2013/03/02 19:32:18 | 000,295,808 | ---- | C] () -- C:\Windows\SysNative\drivers\volsnap.sys.dump [2013/03/02 19:32:13 | 000,363,392 | ---- | C] () -- C:\Windows\SysNative\drivers\volmgrx.sys.dump [2013/03/02 19:32:07 | 000,071,552 | ---- | C] () -- C:\Windows\SysNative\drivers\volmgr.sys.dump [2013/03/02 19:32:06 | 000,129,024 | ---- | C] () -- C:\Windows\SysNative\drivers\videoprt.sys.dump [2013/03/02 19:32:04 | 000,215,936 | ---- | C] () -- C:\Windows\SysNative\drivers\vhdmp.sys.dump [2013/03/02 19:32:04 | 000,017,488 | ---- | C] () -- C:\Windows\SysNative\drivers\viaide.sys.dump [2013/03/02 19:32:00 | 000,029,184 | ---- | C] () -- C:\Windows\SysNative\drivers\vgapnp.sys.dump [2013/03/02 19:00:47 | 000,000,158 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/03/02 18:56:35 | 000,816,640 | ---- | C] () -- C:\Users\Laura Siivola\Desktop\RogueKiller.exe [2013/03/02 18:56:03 | 000,594,019 | ---- | C] () -- C:\Users\Laura Siivola\Desktop\adwcleaner.exe [2013/03/01 23:30:54 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/03/01 23:30:50 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/02/28 11:28:53 | 000,002,202 | ---- | C] () -- C:\Users\Laura Siivola\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk [2013/02/28 11:28:53 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk [2013/02/28 11:28:52 | 000,002,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk [2013/02/26 10:09:24 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/02/22 10:17:18 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Photo Mechanic 5.lnk [2013/02/22 10:17:10 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll [2013/02/22 10:17:10 | 000,324,096 | ---- | C] () -- C:\Windows\SysNative\SDL.dll [2013/02/20 20:55:51 | 000,038,438 | ---- | C] () -- C:\Users\Laura Siivola\AppData\Roaming\Comma Separated Values (DOS).ADR [2013/02/05 12:59:32 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLaura Siivola.job [2013/02/02 09:28:50 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011/07/11 23:47:41 | 000,000,868 | ---- | C] () -- C:\Users\Laura Siivola\RPSTD2010.lic [2011/07/11 23:47:34 | 000,000,019 | ---- | C] () -- C:\Users\Laura Siivola\rp.ini [2010/07/23 11:38:14 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  21. Damnit!! Yontoodesktop.exe is on my windows task manager!!!!!!
  22. It seems to be running well now, not lagging at all! Thank you very very much!!! The only thing is on starup the solutions center comes up. It says the feature I'm trying to use is on a CDrom and asking me to insert a disk. Would you suggest I reinstall that?
  23. Here's the log. I'm going to restart my computer and post again about any problems, if any... ComboFix 13-03-03.01 - Laura Siivola 03/03/2013 15:51:48.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2602 [GMT -7:00] Running from: c:\users\Laura Siivola\Desktop\ComboFix.exe Command switches used :: c:\users\Laura Siivola\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\HP c:\programdata\HP\Digital Imaging\Data\#Hewlett-Packard#HP Photosmart Prem C410 series#1298919294_WSInfo.ini c:\programdata\HP\Digital Imaging\Data\Mars.ini c:\programdata\HP\Digital Imaging\Data\RedBox.ini c:\programdata\HP\Digital Imaging\hp Photosmart Prem C410 series\1298919294\Data\1298919294.ini c:\programdata\HP\HP Officejet Pro 8500 A910\HPCustPartic\schedule.ini c:\programdata\HP\HP Officejet Pro 8500 A910\HPCustPartic\schedulekeeper.ini c:\programdata\HP\Mars\usg.ini c:\programdata\HP\ProductAssistant\data\EventStore.xml c:\users\Laura Siivola\AppData\Roaming\HP . . ((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 ))))))))))))))))))))))))))))))) . . 2013-03-03 23:00 . 2013-03-03 23:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-03-03 23:00 . 2013-03-03 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-03 20:19 . 2013-02-07 23:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B57ACFB5-72B4-437A-A695-4A59C9407109}\mpengine.dll 2013-03-03 02:32 . 2013-03-03 02:32 -------- d-----w- c:\windows\snack 2013-03-03 02:00 . 2013-03-03 02:01 158 ----a-w- c:\windows\DeleteOnReboot.bat 2013-03-02 16:09 . 2013-03-02 16:09 -------- d-----w- c:\users\Laura Siivola\AppData\Roaming\Malwarebytes 2013-03-02 16:09 . 2013-03-02 16:09 -------- d-----w- c:\programdata\Malwarebytes 2013-03-02 16:09 . 2013-03-02 16:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-02 16:09 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-02 16:09 . 2013-03-02 16:09 -------- d-----w- c:\users\Laura Siivola\AppData\Local\Programs 2013-03-02 06:33 . 2013-03-02 06:33 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D316F43-8535-4F6E-AEF7-C880DBE4237E}\gapaengine.dll 2013-03-02 06:33 . 2013-02-07 23:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-02 06:30 . 2013-03-02 06:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-03-02 06:30 . 2013-03-02 06:30 -------- d-----w- c:\program files\Microsoft Security Client 2013-02-28 18:29 . 2013-02-28 18:29 -------- d-----w- c:\users\Laura Siivola\AppData\Local\Adobe_Systems_Incorporate 2013-02-26 17:47 . 2013-02-26 17:48 -------- d-----w- c:\users\Laura Siivola\AppData\Roaming\iPumper 2013-02-26 17:08 . 2013-02-26 17:08 -------- d-----w- c:\program files\iPod 2013-02-26 17:08 . 2013-02-26 17:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-02-26 17:08 . 2013-02-26 17:09 -------- d-----w- c:\program files\iTunes 2013-02-25 20:11 . 2013-02-25 20:11 -------- d-----w- c:\users\Laura Siivola\AppData\Local\CRE 2013-02-22 17:36 . 2013-02-22 17:36 -------- d-----w- c:\programdata\Camera Bits, Inc 2013-02-22 17:35 . 2013-02-22 17:35 -------- d-----w- c:\users\Laura Siivola\AppData\Roaming\Camera Bits, Inc 2013-02-22 17:17 . 2012-05-17 09:33 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2013-02-22 17:17 . 2012-05-17 09:33 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2013-02-22 17:17 . 2012-05-21 17:22 143360 ----a-w- c:\windows\system32\PMAutoplay.exe 2013-02-22 17:17 . 2013-02-22 17:17 -------- d-----w- c:\program files (x86)\Camera Bits 2013-02-22 17:17 . 2012-05-17 09:33 324096 ----a-w- c:\windows\SysWow64\SDL.dll 2013-02-22 17:17 . 2012-05-17 09:33 324096 ----a-w- c:\windows\system32\SDL.dll 2013-02-20 04:50 . 2013-03-03 15:01 -------- d-----w- c:\users\Laura Siivola\AppData\Roaming\Yontoo 2013-02-20 04:50 . 2013-03-03 02:00 -------- d-----w- c:\program files (x86)\Yontoo 2013-02-19 23:29 . 2013-02-19 23:29 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-02-19 23:29 . 2013-02-19 23:29 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-13 14:03 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 14:03 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 14:03 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-27 07:13 . 2012-04-09 04:21 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-27 07:13 . 2011-05-18 16:11 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-19 23:29 . 2012-06-25 14:48 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-02-19 23:29 . 2010-05-10 22:50 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-13 21:39 . 2010-06-22 21:06 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-06 14:59 . 2011-02-23 16:17 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys 2013-01-30 10:53 . 2010-10-18 02:57 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-04 04:43 . 2013-02-13 14:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-03 11:48 . 2013-01-25 04:01 7457096 ----a-w- c:\windows\system32\nvopencl.dll 2013-01-03 11:48 . 2013-01-25 04:01 6161832 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-01-03 11:48 . 2013-01-25 04:01 26339768 ----a-w- c:\windows\system32\nvoglv64.dll 2013-01-03 11:48 . 2013-01-25 04:01 19914680 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-01-03 11:48 . 2013-01-25 04:01 13533624 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-01-03 11:48 . 2013-01-25 04:01 9183888 ----a-w- c:\windows\system32\nvcuda.dll 2013-01-03 11:48 . 2013-01-25 04:01 7753688 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-01-03 11:48 . 2013-01-25 04:01 2747832 ----a-w- c:\windows\system32\nvcuvid.dll 2013-01-03 11:48 . 2013-01-25 04:01 2575800 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-01-03 11:48 . 2013-01-25 04:01 25256888 ----a-w- c:\windows\system32\nvcompiler.dll 2013-01-03 11:48 . 2013-01-25 04:01 2443472 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-01-03 11:48 . 2013-01-25 04:01 2219448 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-01-03 11:48 . 2013-01-25 04:01 1867704 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-01-03 11:48 . 2013-01-25 04:01 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-01-03 11:48 . 2012-12-06 21:00 1760696 ----a-w- c:\windows\system32\nvdispco64.dll 2013-01-03 11:48 . 2012-12-06 21:00 1483192 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-01-03 11:48 . 2010-04-01 09:08 15411296 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-01-03 11:48 . 2009-11-21 07:34 18373576 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-01-03 11:48 . 2009-11-21 07:34 2749424 ----a-w- c:\windows\system32\nvapi64.dll 2013-01-03 09:13 . 2010-04-01 09:58 6206904 ----a-w- c:\windows\system32\nvcpl.dll 2013-01-03 09:13 . 2010-04-01 09:58 3299256 ----a-w- c:\windows\system32\nvsvc64.dll 2013-01-03 09:13 . 2010-04-01 09:58 878520 ----a-w- c:\windows\system32\nvvsvc.exe 2013-01-03 09:13 . 2010-04-01 09:58 118712 ----a-w- c:\windows\system32\nvmctray.dll 2013-01-03 09:13 . 2009-07-29 18:21 63928 ----a-w- c:\windows\system32\nvshext.dll 2012-12-16 17:11 . 2012-12-21 18:22 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 18:22 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 18:22 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 18:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-09 15:34 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 15:34 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 15:34 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 15:34 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 15:34 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 15:34 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 15:34 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 15:34 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 15:34 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 15:34 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 15:34 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 15:34 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 15:34 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 15:34 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 15:34 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 15:34 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 15:34 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 15:34 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 15:34 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 15:34 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 15:34 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 15:34 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 15:34 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 15:34 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 15:34 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 15:34 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 15:34 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 15:34 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 15:34 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 15:34 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 15:34 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-12-07 10:46 . 2013-01-09 15:34 55296 ----a-w- c:\windows\SysWow64\cero.rs . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [bU] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Laura Siivola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Laura Siivola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Laura Siivola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DDAssist"="c:\program files (x86)\Drobo\Drobo Dashboard\DDAssist.exe" [2012-06-08 276880] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] . c:\users\Laura Siivola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Dropbox.lnk - c:\users\Laura Siivola\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-27 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2013-02-06 101688] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-02-06 55096] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-02-06 297240] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-02-06 976728] S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-02-15 23552] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 07:13] . 2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06 18:48] . 2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06 18:48] . 2013-02-14 c:\windows\Tasks\HPCeeScheduleForLaura Siivola.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2013-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Laura Siivola\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Laura Siivola\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Laura Siivola\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Laura Siivola\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360] "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - FF - ProfilePath - c:\users\Laura Siivola\AppData\Roaming\Mozilla\Firefox\Profiles\tcbdm3o3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en FF - ExtSQL: !HIDDEN! 2011-02-28 11:49; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-03 16:03:30 ComboFix-quarantined-files.txt 2013-03-03 23:03 ComboFix2.txt 2013-03-03 03:19 . Pre-Run: 410,935,476,224 bytes free Post-Run: 410,527,277,056 bytes free . - - End Of File - - 0B5FCFECAC985CCA5143C3EF83D916A5
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.