Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015 Ran by LEAH at 2015-02-09 21:15:55 Running from C:\Users\LEAH\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden 7-zip v9.20 (HKLM-x32\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.) 
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform) Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden FamilySearch Indexing 3.17.7 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.17.7 - FamilySearch) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden File Opener Packages (HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\File Opener Packages) (Version: - ) <==== ATTENTION FileOpener (HKLM-x32\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks) GoToMeeting 4.0.0.320 (HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\GoToMeeting) (Version: - ) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden 
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HiDef Media Player 1.1.12 (HKLM-x32\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia) HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company) HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP) HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard) hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden hpWLPGInstaller (x32 Version: 
130.0.303.000 - Hewlett-Packard) Hidden Intelli Term 1.10.0.8 (HKLM-x32\...\IntelliTerm_1.10.0.8) (Version: 1.10.0.8 - Intelli Term) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity) Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - Media Downloader) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Download Manager (HKLM-x32\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation) Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition 
[ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 
2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden MyTurboPC (HKLM-x32\...\{A2F37CA8-53F8-4594-B701-32AE64BAED1A}) (Version: 3.2.4.0 - MyTurboPC.com) Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) PC MightyMax 2015 (HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\{3f6555c4-0a24-11dc-8314-0800200c9a66}) (Version: - PC MightyMax) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.) QuickShare (HKLM-x32\...\{063C68D3-B0B7-4FBC-AE78-A81906C11888}) (Version: 10.165.60.13189 - Linkury Inc.) <==== ATTENTION QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) 
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Registry Reviver (HKLM\...\Registry Reviver) (Version: 4.0.0.52 - ReviverSoft LLC) Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) R-Studio 7.6 (HKLM-x32\...\R-Studio 7.6NSIS) (Version: 7.6.156433 - R-Tools Technology Inc.) R-Word Demo 2.0 (HKLM-x32\...\R-Word Demo_is1) (Version: - R-tools Technology Inc.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) ShopAtHome.com Helper (HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\ShopAtHome.com Helper) (Version: 7.10.2.10 - ShopAtHome.com) <==== ATTENTION ShopAtHome.com Toolbar (HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\ShopAtHome.com Toolbar) (Version: 7.10.2.10 - ShopAtHome.com) <==== ATTENTION Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden Unchecky v0.3.6 (HKLM-x32\...\Unchecky) (Version: 0.3.6 - RaMMicHaeL) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden videos MediaPlay-Air (HKLM-x32\...\videos MediaPlay-Air) (Version: 1.34.7.29 - enter) <==== ATTENTION Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden WebReg (x32 Version: 
130.0.132.017 - Hewlett-Packard) Hidden weDownload Manager (HKLM-x32\...\weDownload Manager) (Version: 1.29.153.0 - weDownload) <==== ATTENTION WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Wondershare Data Recovery(Build 4.7.0.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.7.0.5 - Wondershare Software Co.,Ltd.) Wondershare Video Converter Ultimate(Build 8.0.5.1) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.0.5.1 - Wondershare Software) Wondershare Video Editor(Build 5.0.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software) Yahoo Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo Inc.) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 03-02-2015 03:32:56 Windows Update 03-02-2015 09:27:00 Restore Point Created by FRST 04-02-2015 03:00:13 Windows Update 07-02-2015 04:53:42 Installed OpenOffice.org 3.4.1 07-02-2015 06:20:57 Restore Point Created by FRST 07-02-2015 08:39:43 Installed OpenOffice 4.1.1 07-02-2015 09:48:06 Removed HP Setup Manager. 07-02-2015 09:49:17 Removed HP Setup. 
07-02-2015 11:58:46 Installed HP Support Solutions Framework 07-02-2015 12:13:58 Restore Operation 07-02-2015 21:07:12 Windows Modules Installer 07-02-2015 22:29:28 Removed OpenOffice 4.1.1 08-02-2015 03:12:38 Windows Backup 08-02-2015 03:29:17 Windows Backup 08-02-2015 06:07:27 Windows Backup 09-02-2015 19:44:23 HPSF Applying updates ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2015-02-09 20:34 - 00001196 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C7EA0FD-7285-4C80-9943-3BD6B7D81D36} - \{908D02C7-1780-4D80-A96E-AB3A93B3D1ED} No Task File <==== ATTENTION Task: {1B07E940-CCEC-4A0F-A950-6E3456973190} - System32\Tasks\{FE90A798-363B-41BC-B002-E2BBB9C59536} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe Task: {264BAED9-FEAB-4FB9-A7D0-8B9D021EF30B} - System32\Tasks\{4CB9516C-3831-4A88-9B1B-6DDC48B59BF1} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-11-21] (Malwarebytes Corporation) Task: {393B4F8B-0BAF-4F37-A54C-71B192797D8A} - System32\Tasks\{493445C6-BF12-4A4A-B1D9-9FE3CE9510FB} => C:\Users\LEAH\Desktop\mbam-setup-2.0.2.1012 (2).exe Task: {42B8FC1C-1FE4-42D6-9544-26DADCF7E265} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {49498BC4-E0A0-4EF0-97B0-C8BDAA752EC8} - System32\Tasks\{D01D8908-5375-44DF-A105-8D03876CF021} => C:\Users\LEAH\Desktop\mbam-setup-2.0.2.1012 (2).exe Task: {6090FC54-A322-44F7-941A-D934DE287DD5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {7C94BDDC-EB79-4287-B176-2C997076693A} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-24] (AVAST Software) Task: {861E73C1-2067-4BBB-92A8-F02F2905F07E} - System32\Tasks\{33ECF48C-FF93-4F02-BC47-2D66A381F819} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-11-21] (Malwarebytes Corporation) Task: {8CAB1C1C-7377-4E58-94B2-46D25950788F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {937738D7-E59D-483E-B103-FF1846150A31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {9F888ADB-89C9-404A-950A-CF8DB5604191} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {B0AAD1D6-306A-4F18-ACA5-9F6B2A498B52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard) Task: {C4381A08-8FE7-4F4C-A1FE-7CAE6642E42D} - System32\Tasks\{D31BE2FF-8791-4084-9C84-D5C535F39145} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe Task: {CB93E69C-981F-43DD-AA8C-F051DE3D39C9} - System32\Tasks\{E49E27E2-E1B2-4853-AFB2-0DAE1C0E4197} => C:\Program Files\Microsoft Security Client\msseces.exe Task: {DA5A44CB-8BC3-41FF-A937-B2E94B1F6B12} - System32\Tasks\{07E4CAC6-BF2B-460D-86AC-0ECDECF1D0F7} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe Task: {DDA0C6E3-72B8-4547-BE34-ECFD14BFEC51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {EBA62374-416C-4CE6-A4BD-663FA4947479} - System32\Tasks\Adobe Acrobat 
Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {F4E0C83E-FCCF-4867-A1B7-4ACFB312FF55} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: C:\Windows\Tasks\HPCeeScheduleForLEAH.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\MyTurboPC.com Registration3.job => C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll Task: C:\Windows\Tasks\MyTurboPC.com Update3.job => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe Task: C:\Windows\Tasks\MyTurboPC.com Update3_triggeronce.job => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe Task: C:\Windows\Tasks\MyTurboPC_sch_0634F74E-AF4F-11E4-BD42-3860770F2AD2.job => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe <==== ATTENTION Task: C:\Windows\Tasks\RegCure Pro_sch_7B33AAC5-AE96-11E4-9F19-3860770F2AD2.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION Task: C:\Windows\Tasks\Start Registry Reviver for LEAH-HP@LEAH(logon).job => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe ==================== Loaded Modules (whitelisted) ============== 2015-02-07 00:46 - 2014-10-24 14:16 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll 2011-06-30 02:14 - 2011-06-30 02:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-03-14 16:20 - 2011-03-14 16:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2015-02-09 17:00 - 2015-02-09 17:00 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020901\algo.dll 2015-01-20 19:28 - 2015-01-20 19:28 - 00058880 _____ () C:\Program Files (x86)\Unchecky\bin\collector.dll 2014-11-24 16:47 - 2014-11-24 16:47 - 38562088 _____ () C:\Program Files\AVAST 
Software\Avast\libcef.dll 2015-02-07 00:47 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2015-02-07 00:47 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-629239370-1108922991-2781443091-1000\Control Panel\Desktop\\Wallpaper -> ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe MSCONFIG\startupreg: iYogi Support Dock => "C:\Program Files (x86)\iYogi Support Dock\iYogiSupportDock.exe" MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime ==================== Accounts: ============================= Administrator (S-1-5-21-629239370-1108922991-2781443091-500 - Administrator - Disabled) Guest (S-1-5-21-629239370-1108922991-2781443091-501 - Administrator - Disabled) LEAH (S-1-5-21-629239370-1108922991-2781443091-1000 - Administrator - Enabled) => C:\Users\LEAH ==================== Faulty Device Manager Devices ============= Name: Microsoft Teredo Tunneling Adapter Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/08/2015 00:25:28 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: The backup was not successful. The error is: The system cannot find the path specified. (0x80070003). 
Error: (02/08/2015 03:31:18 AM) (Source: System Restore) (EventID: 8200) (User: ) Description: Failed to initiate System Restore (Windows Backup). Error: (02/07/2015 08:19:08 PM) (Source: System Restore) (EventID: 8204) (User: ) Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Restore Point Created by FRST). Error: (02/07/2015 07:22:38 PM) (Source: System Restore) (EventID: 8204) (User: ) Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Restore Operation). Error: (02/07/2015 05:56:11 PM) (Source: System Restore) (EventID: 8204) (User: ) Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Installed HP Support Solutions Framework). Error: (02/07/2015 08:41:04 AM) (Source: MsiInstaller) (EventID: 1013) (User: LEAH-HP) Description: Product: OpenOffice.org 3.4.1 -- Please exit OpenOffice.org 3.4.1 and the OpenOffice.org 3.4.1 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice.org 3.4.1 open. Error: (02/07/2015 06:20:57 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {f06e7e89-a642-4081-8bc1-f36a422d4766} Error: (02/07/2015 04:52:58 AM) (Source: MsiInstaller) (EventID: 10005) (User: LEAH-HP) Description: Product: OpenOffice.org 3.4.1 -- Please use the file setup.exe to start the installation. 
Error: (02/06/2015 09:45:48 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x800705aa, Insufficient system resources exist to complete the requested service. ] Operation: Instantiating VSS server Error: (02/06/2015 00:10:18 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT AUTHORITY) Description: Certificate Services Client failed to invoke the Providers in response to event 256. Error code 2147943855. System errors: ============= Error: (02/09/2015 08:32:44 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (02/08/2015 07:55:26 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/08/2015 07:55:26 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/08/2015 07:55:25 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/08/2015 07:55:25 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/08/2015 07:55:24 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/08/2015 06:18:55 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/08/2015 03:30:11 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/08/2015 03:30:11 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. 
Error: (02/08/2015 03:30:10 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Microsoft Office Sessions: ========================= Error: (02/08/2015 00:25:28 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: The system cannot find the path specified. (0x80070003) Error: (02/08/2015 03:31:18 AM) (Source: System Restore) (EventID: 8200) (User: ) Description: Windows Backup0x80070057 Error: (02/07/2015 08:19:08 PM) (Source: System Restore) (EventID: 8204) (User: ) Description: Restore Point Created by FRST Error: (02/07/2015 07:22:38 PM) (Source: System Restore) (EventID: 8204) (User: ) Description: Restore Operation Error: (02/07/2015 05:56:11 PM) (Source: System Restore) (EventID: 8204) (User: ) Description: Installed HP Support Solutions Framework Error: (02/07/2015 08:41:04 AM) (Source: MsiInstaller) (EventID: 1013) (User: LEAH-HP) Description: Product: OpenOffice.org 3.4.1 -- Please exit OpenOffice.org 3.4.1 and the OpenOffice.org 3.4.1 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice.org 3.4.1 open.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/07/2015 06:20:57 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {f06e7e89-a642-4081-8bc1-f36a422d4766} Error: (02/07/2015 04:52:58 AM) (Source: MsiInstaller) (EventID: 10005) (User: LEAH-HP) Description: Product: OpenOffice.org 3.4.1 -- Please use the file setup.exe to start the installation. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/06/2015 09:45:48 PM) (Source: VSS) (EventID: 13) (User: ) Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x800705aa, Insufficient system resources exist to complete the requested service. 
Operation: Instantiating VSS server Error: (02/06/2015 00:10:18 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT AUTHORITY) Description: 2562147943855 CodeIntegrity Errors: =================================== Date: 2015-02-03 16:32:21.416 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-03 16:32:21.369 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-03 16:32:21.322 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-03 16:32:21.260 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-24 11:36:43.643 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-24 11:36:43.597 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-18 17:56:28.663 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-18 17:56:28.594 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: AMD E2-3200 APU with Radeon(tm) HD Graphics Percentage of memory in use: 60% Total physical RAM: 3570.82 MB Available physical RAM: 1420.25 MB Total Pagefile: 7139.83 MB Available Pagefile: 4449.35 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:919.68 GB) (Free:853.96 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:11.74 GB) (Free:1.56 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (MY BOOK) (Fixed) (Total:232.88 GB) (Free:116 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7482C7C6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 232.9 GB) (Disk ID: 8F9C798A) Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================