Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Chrome extension [Solved]


  • This topic is locked This topic is locked

#1
Shady

Shady

    Member

  • Member
  • PipPipPip
  • 200 posts
Every once in a while when I load Chrome browser, my bookmarks bar isnt' loaded. Click on the icon to get to the 'Settings' section only to be greeted by another icon that says 'Website Login' must be downloaded blah blah blah. I've never downloaded an extension named that. Is this spyware? I've run Malware Bytes and it detects nothing. Any help would be greatly appreciated.
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
  • Please download WVCheck by Artellos from one of the mirrors below;

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, This program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.
After that

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

  • 0

#3
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
Windows Validation Check
Version: 1.9.12.5
Log Created On: 1712_06-02-2014
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2014-02-06 12:06:39
Last Success Time for Update Download: 2014-02-02 13:01:41
Last Success Time for Update Installation: 2014-02-02 13:01:54


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Users\John\Documents\StarCraft II\Accounts\75066455\1-S2-1-2933122\Replays\Unsaved\Multiplayer\Antiga Shipyard (2).SC2Replay
Size: 41154 bytes
Creation; 29/1/2014 17:44:44
Modification; 29/1/2014 17:44:44
MD5; 83d00f030ad706fed25b89ab881a1714
Matched: *AntiGA*
-----------------------
C:\Users\John\Documents\StarCraft II\Accounts\75066455\1-S2-1-2933122\Replays\Unsaved\Multiplayer\Antiga Shipyard.SC2Replay
Size: 39716 bytes
Creation; 25/12/2013 9:5:11
Modification; 25/12/2013 9:5:11
MD5; 2e302863a66d484cc69881e53bbfa6c3
Matched: *AntiGA*
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 20/11/2010 21:24:21
Modification; 20/11/2010 21:24:21
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 1713_06-02-2014 --------
  • 0

#4
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
Windows Product ID: 00359-OEM-8992687-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {BBAAA1A2-EDAE-467D-8ACA-66DDD21F8D5D}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{BBAAA1A2-EDAE-467D-8ACA-66DDD21F8D5D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3274223156-926114502-2139461653</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv7 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.1B</Version><SMBIOSVersion major="2" minor="7"/><Date>20111005000000.000000+000</Date></BIOS><HWID>52A63307018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1462013
Installation ID: 000135219856867845440523671616020901114781320000612292
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 3Q6C9
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 2/6/2014 5:15:28 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:23:2013 05:44
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEAAQABAAIAAAABAAAABgABAAEAln2c+0CS6JjsuCTUWOqA8BJlIOpyir5BT+OeaC5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HP INSYDE
FACP HPQOEM SLIC-MPC
HPET HP INSYDE
BOOT HP INSYDE
MCFG HP INSYDE
ASF! HP INSYDE
SLIC HPQOEM SLIC-MPC
SSDT HP INSYDE
ASPT HP INSYDE
SSDT HP INSYDE
SSDT HP INSYDE
SSDT HP INSYDE
SSDT HP INSYDE
SSDT HP INSYDE
  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
That diagnostic scan shows some anomalies that suggest that the OS may not be genuine.

Can you tell me why that would be?
  • 0

#6
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
No I can't really. Its 100% Windows. No hacks.
  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

  • 0

#8
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by John (administrator) on JOHN-HP on 07-02-2014 02:16:38
Running from C:\Users\John\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IntelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-01-27] (Intel® Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2013-06-07] (IDT, Inc.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-06-07] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [dcmsvc] - C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3274223156-926114502-2139461653-1001\...\Run: [Google Update] - C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-12] (Google Inc.)
HKU\S-1-5-21-3274223156-926114502-2139461653-1001\...\Run: [BitTorrent] - C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe [895328 2013-11-18] (BitTorrent Inc.)
HKU\S-1-5-21-3274223156-926114502-2139461653-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
ShortcutTarget: Warner Bros.lnk -> C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe (No File)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {307679DE-83ED-4077-82D2-BD13FE0112B1} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {307679DE-83ED-4077-82D2-BD13FE0112B1} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - DefaultScope {4EF3CF39-C7E5-4BEA-8A5D-96D4EC04E9FE} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKCU - {307679DE-83ED-4077-82D2-BD13FE0112B1} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {4EF3CF39-C7E5-4BEA-8A5D-96D4EC04E9FE} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-21] (Anchorfree Inc.)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [32848 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-07 02:16 - 2014-02-07 02:16 - 00015564 _____ () C:\Users\John\Downloads\FRST.txt
2014-02-07 02:16 - 2014-02-07 02:16 - 00000000 ____D () C:\FRST
2014-02-07 02:15 - 2014-02-07 02:15 - 02079744 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-02-06 17:15 - 2014-02-06 17:15 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-02-06 17:15 - 2014-02-06 17:15 - 00000000 ____D () C:\MGADiagToolOutput
2014-02-06 17:14 - 2014-02-06 17:14 - 02031992 _____ (Microsoft Corporation) C:\Users\John\Downloads\MGADiag.exe
2014-02-06 17:12 - 2014-02-06 17:12 - 03514358 _____ () C:\Users\John\Downloads\WVCheck.exe
2014-01-29 17:45 - 2014-01-29 17:45 - 00000000 ____D () C:\Users\John\AppData\Local\Blizzard Entertainment
2014-01-26 09:40 - 2014-01-26 09:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-17 04:32 - 2014-02-07 00:39 - 00784991 _____ () C:\Windows\WindowsUpdate.log
2014-01-17 04:27 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 02:06 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 02:06 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 02:06 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 02:06 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 02:06 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 02:06 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 02:06 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 02:06 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-07 02:16 - 2014-02-07 02:16 - 00015564 _____ () C:\Users\John\Downloads\FRST.txt
2014-02-07 02:16 - 2014-02-07 02:16 - 00000000 ____D () C:\FRST
2014-02-07 02:15 - 2014-02-07 02:15 - 02079744 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-02-07 02:15 - 2013-06-10 11:09 - 00000000 ____D () C:\Users\John\AppData\Roaming\BitTorrent
2014-02-07 01:40 - 2013-05-26 16:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 01:40 - 2013-05-26 16:15 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-07 01:25 - 2013-07-21 19:10 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3274223156-926114502-2139461653-1001UA.job
2014-02-07 00:45 - 2013-05-26 16:03 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{26ABBDB0-EA4C-4F8D-B5F6-95C875CC865C}
2014-02-07 00:39 - 2014-01-17 04:32 - 00784991 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 17:20 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 17:20 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 17:15 - 2014-02-06 17:15 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-02-06 17:15 - 2014-02-06 17:15 - 00000000 ____D () C:\MGADiagToolOutput
2014-02-06 17:14 - 2014-02-06 17:14 - 02031992 _____ (Microsoft Corporation) C:\Users\John\Downloads\MGADiag.exe
2014-02-06 17:12 - 2014-02-06 17:12 - 03514358 _____ () C:\Users\John\Downloads\WVCheck.exe
2014-02-06 07:25 - 2013-07-21 19:10 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3274223156-926114502-2139461653-1001Core.job
2014-02-06 06:28 - 2014-01-01 13:56 - 00000000 ____D () C:\Users\John\Downloads\YIFY Movies
2014-02-06 06:09 - 2013-09-29 13:01 - 00000000 ____D () C:\Users\John\AppData\Local\VMware
2014-02-06 06:07 - 2013-09-29 13:01 - 00000000 ____D () C:\Users\John\AppData\Roaming\VMware
2014-02-05 08:53 - 2013-06-02 01:18 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohn
2014-02-05 08:53 - 2013-06-02 01:18 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJohn.job
2014-02-01 08:53 - 2013-06-07 04:42 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-01 08:53 - 2013-06-02 01:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-01-31 20:55 - 2013-09-12 05:38 - 00000000 ___RD () C:\Users\John\Dropbox
2014-01-31 20:55 - 2013-09-12 05:37 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox
2014-01-29 17:45 - 2014-01-29 17:45 - 00000000 ____D () C:\Users\John\AppData\Local\Blizzard Entertainment
2014-01-29 17:19 - 2013-06-02 09:21 - 00000000 ____D () C:\Users\John\Documents\StarCraft II
2014-01-27 05:30 - 2009-07-13 23:13 - 00786702 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-26 09:40 - 2014-01-26 09:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-25 06:19 - 2013-09-29 18:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\Vso
2014-01-25 03:03 - 2013-06-02 09:21 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-01-25 01:27 - 2013-07-14 06:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Mozilla
2014-01-23 12:45 - 2013-09-29 18:48 - 00001057 _____ () C:\Users\John\AppData\Roaming\vso_ts_preview.xml
2014-01-23 12:35 - 2013-09-29 18:49 - 00000000 ____D () C:\Users\John\Documents\ConvertXToDVD
2014-01-19 01:33 - 2010-11-20 21:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 04:32 - 2014-01-01 13:45 - 00000000 ___RD () C:\Users\John\Google Drive
2014-01-17 04:30 - 2013-09-29 13:00 - 00000000 ____D () C:\ProgramData\VMware
2014-01-17 04:30 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-01-16 00:01 - 2013-09-12 05:37 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 00:01 - 2013-05-26 16:03 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 03:17 - 2009-07-13 22:45 - 00414104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 03:01 - 2013-07-16 06:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 03:00 - 2013-05-26 16:42 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 00:51

==================== End Of Log ============================
  • 0

#9
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014
Ran by John at 2014-02-07 02:16:52
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (x32 Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (Version: 3.0.816.0 - ATI Technologies, Inc.)
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BitTorrent (HKCU Version: 7.8.2.30332 - BitTorrent Inc.)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0315.958.16016 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0315.958.16016 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0315.958.16016 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0315.958.16016 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0315.958.16016 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help English (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help French (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help German (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
ccc-utility64 (Version: 2011.0315.958.16016 - ATI) Hidden
CCleaner (Version: 4.08 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ConvertXtoDVD 4.1.9.347 (x32 Version: 4.1.9.347 - )
CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dcmsvc 1.0 (x32 Version: - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flixster (HKCU Version: 1.8.2.198 - Flixster)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (x32 Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP Games (x32 Version: 1.0.2.4 - WildTangent)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP MovieStore (x32 Version: 2.0 - Hewlett-Packard)
HP On Screen Display (x32 Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (x32 Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (x32 Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (x32 Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP SimplePass 2011 (x32 Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (x32 Version: 4.0.110.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (x32 Version: 1.0.6345.0 - IDT)
ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (x32 Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 10.6.0.1002 - Intel Corporation)
Intel® Wireless Display (Version: - )
Intel® Wireless Display (x32 Version: 2.0.30.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (Version: 6.02.0000 - Intel Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (64-bit) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
RoxioNow Player (x32 Version: 1.9.5.103 - RoxioNow)
ScorpionSaver (x32 Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Search Protection (HKCU Version: 7.5.0.1 - Spigot, Inc.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
StarCraft II (x32 Version: - Blizzard Entertainment)
Synaptics TouchPad Driver (Version: 15.3.29.0 - Synaptics Incorporated)
tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
Universal Adb Driver (x32 Version: 1.0.0 - ClockworkMod)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Validity WBF DDK (Version: 4.3.205.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.7 (x32 Version: 2.0.7 - VideoLAN)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
VMware Player (x32 Version: 6.0.1 - VMware, Inc)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

24-01-2014 10:40:55 Windows Update
28-01-2014 10:40:28 Windows Update
01-02-2014 10:40:28 Windows Update
05-02-2014 10:40:29 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0804BE8C-66AA-4054-8E9F-B0900BFC00A1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {1194A11E-48AF-45CD-82D6-A2D73EFDF624} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {1E150C30-3700-48A7-9634-FA3908C76B70} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {2B1610B4-87A5-4ECD-85D2-A15B31216573} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3468F8E6-6533-4E31-98B5-CB253DBC8467} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {362F7502-F39D-454F-8D9F-8461F9F8FE58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {3BC26ED5-1ED9-4C01-9BDC-FAF02003497C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {56271886-B112-4C6D-84BA-F6907A40E477} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {5935E9BF-F507-4DED-8A73-EA71CD6C5303} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {60B0A435-E304-48D6-A27C-4D4E92900E68} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {A2B48D40-254B-4A89-BC8A-E5454C9740F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-01-28] (Microsoft)
Task: {A3322C63-55BF-4EAC-90B1-1D1D54D06FCC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3274223156-926114502-2139461653-1001Core => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {B1BC17B1-C37D-4917-8704-54D6212EC074} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3274223156-926114502-2139461653-1001UA => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {BF284B18-7D2E-48E9-B514-C7E6C6C38CE6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {CA412F39-156A-4C7A-8AD5-C2073A2F1126} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {F0AE21EA-ECFC-47AD-8E75-A8F815D1855B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {F16D3E9F-30EF-4215-87BC-4221DCB0E4CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F1939CF3-F5E4-48F8-92F8-53761E1FBE09} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3274223156-926114502-2139461653-1001Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3274223156-926114502-2139461653-1001UA.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-05-26 13:29 - 2011-01-27 10:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 19:07 - 2011-07-27 19:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-03-14 15:21 - 2011-03-14 15:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-15 10:57 - 2011-03-15 10:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-24 03:21 - 2010-06-24 03:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2013-10-18 11:46 - 2013-10-18 11:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-17 04:31 - 2014-01-17 04:31 - 00098816 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32api.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00110080 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\pywintypes27.dll
2014-01-17 04:31 - 2014-01-17 04:31 - 00364544 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\pythoncom27.dll
2014-01-17 04:31 - 2014-01-17 04:31 - 00044032 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\_socket.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 01153024 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\_ssl.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00320512 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32com.shell.shell.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00711680 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\_hashlib.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 01175040 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\wx._core_.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00805888 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\wx._gdi_.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00811008 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\wx._windows_.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 01062400 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\wx._controls_.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00735232 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\wx._misc_.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00128512 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\_elementtree.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00127488 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\pyexpat.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00557056 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\pysqlite2._sqlite.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00087040 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\_ctypes.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00119808 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32file.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00108544 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32security.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00018432 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32event.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00038912 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32inet.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00122368 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\wx._wizard.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00026624 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\_multiprocessing.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00070656 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\wx._html2.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00010240 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\select.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00686080 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\unicodedata.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00025600 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32pdh.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00521680 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\windows._lib_cacheinvalidation.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00011264 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32crypt.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00024064 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32pipe.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00035840 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32process.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00017408 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32profile.pyd
2014-01-17 04:31 - 2014-01-17 04:31 - 00022528 ____N () C:\Users\John\AppData\Local\Temp\_MEI45522\win32ts.pyd
2013-08-30 05:19 - 2013-08-30 05:19 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1beb84c27c2edeb38839916524b9df4d\IsdiInterop.ni.dll
2013-05-26 13:29 - 2011-05-20 09:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-06-24 03:19 - 2010-06-24 03:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-02-04 05:43 - 2014-02-01 17:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 05:43 - 2014-02-01 17:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 05:43 - 2014-02-01 17:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 05:43 - 2014-02-01 17:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 05:43 - 2014-02-01 17:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2014 04:30:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2014 03:18:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2014 03:17:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/13/2014 04:48:21 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/13/2014 04:47:51 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/13/2014 04:47:51 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.


Microsoft Office Sessions:
=========================
Error: (01/17/2014 04:30:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2014 03:18:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2014 03:17:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/13/2014 04:47:51 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8139.86 MB
Available physical RAM: 5285.13 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 13065.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:96.81 GB) (Free:9.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.68 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 4FE3936B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Shady,

You have the Ask search engine. Did you choose that? In some circles it is seen as foistware that brings other adware/browser redirection bundled with it. Tell me when you come back.

Also, it doesn't look like Chrome is properly installed. I take it you want Chrome?

Meantime

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • 0

Advertisements


#11
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2014
Ran by John at 2014-02-08 01:50:51 Run:1
Running from C:\Users\John\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [X]
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
C:\ProgramData\uninstaller.exe
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
C:\ProgramData\uninstaller.exe => Moved successfully.
C:\Users\Public\dcmsvcsetup.exe => Moved successfully.
C:\Users\Public\invokesi.exe => Moved successfully.

==== End of Fixlog ====
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Thank you for that.

How about my questions at the beginning of my last post. :)
  • 0

#13
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
My apologies. It was really late and just wanted to run the fix and sleep hahah. I don't recall ever saying I wanted the Ask search engine when installing anything. Could've snuck past me though. Yes I would like Chrome. Best browser IMO.
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

I don't recall ever saying I wanted the Ask search engine when installing anything.


We will proceed to remove it then.

Yes I would like Chrome.


Looks like it needs reinstalling. Let's do that after we have removed all the Ask stuff.

Now

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that

Please download : ADWCleaner to your desktop (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

When you return please post
  • JRT.txt
  • AdwCleaner log

  • 0

#15
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on Sun 02/09/2014 at 15:44:34.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\search protection"
Successfully deleted: [Folder] "C:\Users\John\appdata\local\defineext"
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{26C522DA-1DDA-46F3-B4CB-FE7FA2D1756F}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/09/2014 at 15:49:38.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP