Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

My computeris running slow and having trouble booting up. [Closed]

Started by Leoncejames , Jun 28 2014 02:13 PM

This topic is locked

#1
Leoncejames

Posted 28 June 2014 - 02:13 PM

Member

Member
25 posts

My computer is running slow and sometimes when booting up it will stop on a black screen after the password page. I also ran my anti virus scanner which is avast and saw I had a lot of viruses but it won't let me move them to the vault. Please help, thank you.

#2
pystryker

Posted 28 June 2014 - 04:59 PM

Trusted Helper

Malware Removal
3,912 posts

Hello and welcome to GeeksToGo! My nickname is Pystryker

, and I will be helping you with your issue today.

Before we get started, I have a few things I need to go over with you

If you are receiving help for this issue at another forum, please let me know so I can close this thread.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
If possible, please have your original Windows installation disks handy, just in case.
If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we? :thumbsup:

Hello, let's get a look at your system and see what's going on.

Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Place a check in the box marked Addition.txt
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR

Please download aswMBR.exe to your desktop.
Double click the file to run it.
It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Click the Scan button to begin the scan.

Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
Click Exit

Things I need to see in your next post:

FRST Log

Addition.txt Log

aswMBR Log

#3
Leoncejames

Posted 28 June 2014 - 06:59 PM

Member

Topic Starter
Member
25 posts

Thanks for the help here you go:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02

Ran by Thomas (administrator) on THOMAS-HP on 28-06-2014 20:16:52

Running from C:\Users\Thomas\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe

(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe

() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\System32\cleanmgr.exe

(Microsoft Corporation) C:\Windows\System32\dfrgui.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-08-16] (IDT, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3022448 2013-08-22] (AVAST Software)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [20131121] => C:\Program Files\AVAST Software\Avast\setup\emupdate\1d393a40-7146-427d-98ff-1af40495ec37.exe [180184 2013-11-23] (AVAST Software)

HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-12-26] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1624557554-290839041-1811429599-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-03-09] ()

HKU\S-1-5-21-1624557554-290839041-1811429599-1000\...\MountPoints2: G - G:\LaunchU3.exe -a

HKU\S-1-5-21-1624557554-290839041-1811429599-1000\...\MountPoints2: {87dd9153-cecc-11e1-a957-4ceb42299423} - G:\setup.exe -a

HKU\S-1-5-21-1624557554-290839041-1811429599-1000\...\MountPoints2: {d4698e9e-c9e9-11e1-a714-4ceb42299423} - G:\LaunchU3.exe -a

HKU\S-1-5-21-1624557554-290839041-1811429599-1000\...\Winlogon: [Shell] explorer.exe,C:\Users\Thomas\AppData\Local\Temp\iiexpress.exe <==== ATTENTION

ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}

SearchScopes: HKLM - {DCD91905-9B19-43D4-969C-A101C0921ABB} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}

SearchScopes: HKLM-x32 - {DCD91905-9B19-43D4-969C-A101C0921ABB} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}

SearchScopes: HKCU - {60EC8933-9202-1888-F3E7-25184D7A0281} URL = http://isearch.avg.com/search?cid={976AC2A8-A880-4069-9AA1-88C4FA0BA82D}&mid=61bcfb45ee8947d094709da204cd7dd0-134249f0f5b05d5e797c63362512b5e1d18b036f&lang=en&ds=AVG&pr=fr&d=2012-06-17 08:52:28&v=11.1.0.7&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}

SearchScopes: HKCU - {DCD91905-9B19-43D4-969C-A101C0921ABB} URL = http://www.amazon.co...s={searchTerms}

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: No Name - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM-x32 - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

Chrome:

=======

CHR HomePage: hxxp://search.babylon.com/?affID=113959&tt=060612_5_&babsrc=HP_ss&mntrId=fea2eba30000000000004ceb42299420

CHR StartupUrls: "hxxp://bing.com/"

CHR DefaultSearchKeyword: bing.com

CHR DefaultSearchProvider: Bing

CHR DefaultSearchURL: http://www.bing.com/...q={searchTerms}

CHR DefaultNewTabURL:

CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-26]

CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-26]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]

CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-26]

CHR Extension: (Adblock Plus) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-26]

CHR Extension: (Phantom Seeds) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinggomlpbhmhlpjbphbniocljocmdkg [2014-02-26]

CHR Extension: (Online Video Clock) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjcfdccakkckfnfmgflofngedpooblne [2014-05-22]

CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-26]

CHR Extension: (Netflix) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-02-26]

CHR Extension: (The Flower Shop - Summer in Fairbrook) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhpcacgginliblljanhdgnkohkffaekp [2014-02-26]

CHR Extension: (HPMOR) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbeflfgagpohhfjcinininndodhgdadf [2014-02-26]

CHR Extension: (Ripples) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpdgcemjmjhgnphmehjhnbhjbgjleka [2014-02-26]

CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-26]

CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-26]

CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2014-02-26]

CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2014-02-26]

CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [48808 2013-08-22] (AVAST Software)

R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]

R2 ISCTAgent; C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [93696 2011-09-06] ()

R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-08-22] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [82280 2013-08-22] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [75552 2013-08-22] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [65776 2013-08-22] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032928 2013-08-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [406176 2013-08-22] (AVAST Software)

R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [68336 2013-08-22] (AVAST Software)

R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [205320 2013-08-30] ()

R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-28 20:16 - 2014-06-28 20:17 - 00025170 _____ () C:\Users\Thomas\Downloads\FRST.txt

2014-06-28 20:16 - 2014-06-28 20:16 - 00000000 ____D () C:\FRST

2014-06-28 20:15 - 2014-06-28 20:15 - 02083328 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe

2014-06-27 22:21 - 2014-06-27 22:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe

2014-06-25 01:20 - 2014-06-25 01:20 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\chromeinstall-7u60 (2).exe

2014-06-25 00:54 - 2014-06-25 00:55 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\chromeinstall-7u60 (1).exe

2014-06-25 00:54 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-06-25 00:54 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-06-25 00:54 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-06-25 00:54 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-06-25 00:53 - 2014-06-25 00:54 - 00004341 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log

2014-06-25 00:52 - 2014-06-25 00:52 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\chromeinstall-7u60.exe

2014-06-10 18:21 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-10 18:21 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-06-10 18:21 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-06-10 18:21 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-10 18:21 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-06-10 18:21 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-06-10 18:21 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-06-10 18:21 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-10 18:21 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-10 18:21 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-06-10 18:21 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-06-10 18:21 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-10 18:21 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-06-10 18:21 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-10 18:21 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-10 18:21 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-10 18:21 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-10 18:21 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-10 18:21 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-10 18:21 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-06-10 18:21 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-06-10 18:21 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2014-06-10 18:21 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-10 18:21 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-10 18:21 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-06-10 18:21 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-10 18:21 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-06-10 18:21 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-06-10 18:21 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2014-06-10 18:21 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-06-10 18:21 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2014-06-10 18:21 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-06-10 18:20 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-10 18:20 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-10 18:20 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-10 18:20 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-06-10 18:20 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-10 18:20 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-10 18:20 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-10 18:20 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-06-10 18:20 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-06-10 18:20 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-06-10 18:20 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-06-10 18:20 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-06-10 18:20 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-10 18:20 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-10 18:20 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-06-10 18:20 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-10 18:20 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-10 18:20 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-06-10 18:20 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-10 18:20 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-10 18:20 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-06-10 18:20 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-10 18:20 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-06-10 18:20 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-06-10 18:20 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-10 18:20 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-06-10 18:20 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-10 18:20 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-10 18:20 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-10 18:20 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-06-10 18:20 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-10 18:20 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-10 18:20 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-10 18:20 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-06-10 18:20 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-06-10 18:19 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-09 02:28 - 2014-06-09 02:28 - 00000050 _____ () C:\Users\Thomas\Desktop\Free business cards.txt

2014-06-08 18:05 - 2014-06-08 18:05 - 00000210 _____ () C:\Users\Thomas\Downloads\8WP_Registered_Interest.vcf

2014-06-08 12:25 - 2014-06-08 12:25 - 00001972 _____ () C:\Users\Thomas\Desktop\10352841_576472165807455_3438487007201230263_n - Shortcut.lnk

2014-06-07 20:22 - 2014-06-07 20:24 - 00000342 _____ () C:\Users\Thomas\Desktop\Tattoo specials.txt

2014-06-07 10:57 - 2014-06-28 15:57 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-06-06 16:11 - 2014-06-06 16:11 - 00001981 _____ () C:\Users\Thomas\Desktop\10415691_10152218052178925_563137819343692435_n - Shortcut.lnk

2014-05-30 21:48 - 2014-05-30 21:48 - 00035685 _____ () C:\Users\Thomas\Desktop\PLaying guitar.odt

2014-05-29 13:52 - 2014-05-31 14:53 - 00026983 _____ () C:\Users\Thomas\Desktop\Jesse and the story of the game..odt

2014-05-29 13:52 - 2014-05-31 14:53 - 00000111 ____H () C:\Users\Thomas\Desktop\.~lock.Jesse and the story of the game..odt#

==================== One Month Modified Files and Folders =======

2014-06-28 20:17 - 2014-06-28 20:16 - 00025170 _____ () C:\Users\Thomas\Downloads\FRST.txt

2014-06-28 20:16 - 2014-06-28 20:16 - 00000000 ____D () C:\FRST

2014-06-28 20:15 - 2014-06-28 20:15 - 02083328 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe

2014-06-28 19:59 - 2012-02-17 15:35 - 01339442 _____ () C:\Windows\WindowsUpdate.log

2014-06-28 19:27 - 2013-08-02 23:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-28 19:18 - 2013-12-14 01:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-28 16:04 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-28 16:04 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-28 16:03 - 2009-07-14 01:13 - 00787404 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-28 15:59 - 2012-06-25 15:12 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps

2014-06-28 15:58 - 2013-08-22 04:09 - 12122279 _____ () C:\Windows\SysWOW64\debug.log

2014-06-28 15:57 - 2014-06-07 10:57 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-06-28 15:57 - 2014-04-22 22:23 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1624557554-290839041-1811429599-1000

2014-06-28 15:57 - 2014-01-12 22:40 - 00000000 ____D () C:\Temp

2014-06-28 15:57 - 2013-08-02 23:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-28 15:57 - 2013-06-23 01:20 - 00003212 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1624557554-290839041-1811429599-1000

2014-06-28 15:56 - 2014-04-04 12:07 - 00001792 _____ () C:\Windows\setupact.log

2014-06-28 15:56 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-28 14:35 - 2013-08-22 02:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-06-27 23:43 - 2012-11-25 21:59 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTHOMAS-HP$

2014-06-27 23:43 - 2012-10-03 17:53 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForTHOMAS-HP$.job

2014-06-27 22:24 - 2012-06-16 22:56 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D41447C9-FEA1-4105-9001-5031C6DF4DB0}

2014-06-27 22:21 - 2014-06-27 22:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe

2014-06-27 22:19 - 2010-11-20 23:47 - 00541092 _____ () C:\Windows\PFRO.log

2014-06-27 22:07 - 2012-06-16 20:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype

2014-06-27 12:14 - 2012-06-16 20:45 - 00000000 ____D () C:\Users\Thomas\Documents\Youcam

2014-06-25 23:40 - 2014-03-30 23:16 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-06-25 23:40 - 2011-10-13 14:32 - 00000000 ____D () C:\ProgramData\Skype

2014-06-25 01:20 - 2014-06-25 01:20 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\chromeinstall-7u60 (2).exe

2014-06-25 00:55 - 2014-06-25 00:54 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\chromeinstall-7u60 (1).exe

2014-06-25 00:54 - 2014-06-25 00:53 - 00004341 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log

2014-06-25 00:54 - 2013-10-08 23:05 - 00000000 ____D () C:\ProgramData\Oracle

2014-06-25 00:54 - 2012-10-25 23:21 - 00000000 ____D () C:\Program Files (x86)\Java

2014-06-25 00:52 - 2014-06-25 00:52 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\chromeinstall-7u60.exe

2014-06-25 00:49 - 2013-12-14 01:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-06-25 00:49 - 2013-08-22 04:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-06-25 00:49 - 2011-10-13 14:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-06-25 00:38 - 2013-10-07 21:54 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForThomas

2014-06-25 00:38 - 2013-10-07 21:54 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForThomas.job

2014-06-23 21:10 - 2012-06-25 23:46 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-06-23 21:10 - 2012-06-18 21:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-06-22 15:22 - 2013-08-02 23:52 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-22 15:22 - 2013-08-02 23:52 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-13 21:37 - 2012-06-19 23:02 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\SoftGrid Client

2014-06-13 14:38 - 2014-02-26 01:14 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-06-13 14:38 - 2014-02-26 01:14 - 00002143 _____ () C:\ProgramData\Desktop\Google Chrome.lnk

2014-06-11 04:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

2014-06-11 03:04 - 2013-07-13 03:00 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-11 03:02 - 2012-06-16 20:46 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-11 03:00 - 2014-04-30 03:06 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-06-09 02:28 - 2014-06-09 02:28 - 00000050 _____ () C:\Users\Thomas\Desktop\Free business cards.txt

2014-06-08 18:05 - 2014-06-08 18:05 - 00000210 _____ () C:\Users\Thomas\Downloads\8WP_Registered_Interest.vcf

2014-06-08 12:25 - 2014-06-08 12:25 - 00001972 _____ () C:\Users\Thomas\Desktop\10352841_576472165807455_3438487007201230263_n - Shortcut.lnk

2014-06-08 05:13 - 2014-06-10 18:20 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-08 05:08 - 2014-06-10 18:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-07 20:24 - 2014-06-07 20:22 - 00000342 _____ () C:\Users\Thomas\Desktop\Tattoo specials.txt

2014-06-06 16:11 - 2014-06-06 16:11 - 00001981 _____ () C:\Users\Thomas\Desktop\10415691_10152218052178925_563137819343692435_n - Shortcut.lnk

2014-05-31 14:53 - 2014-05-29 13:52 - 00026983 _____ () C:\Users\Thomas\Desktop\Jesse and the story of the game..odt

2014-05-31 14:53 - 2014-05-29 13:52 - 00000111 ____H () C:\Users\Thomas\Desktop\.~lock.Jesse and the story of the game..odt#

2014-05-30 21:48 - 2014-05-30 21:48 - 00035685 _____ () C:\Users\Thomas\Desktop\PLaying guitar.odt

2014-05-30 06:21 - 2014-06-10 18:20 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-30 06:02 - 2014-06-10 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-30 06:02 - 2014-06-10 18:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-05-30 05:45 - 2014-06-10 18:20 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-30 05:39 - 2014-06-10 18:20 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-05-30 05:39 - 2014-06-10 18:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-05-30 05:38 - 2014-06-10 18:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-05-30 05:28 - 2014-06-10 18:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-05-30 05:27 - 2014-06-10 18:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-05-30 05:24 - 2014-06-10 18:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-05-30 05:21 - 2014-06-10 18:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-05-30 05:21 - 2014-06-10 18:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-05-30 05:20 - 2014-06-10 18:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-05-30 05:18 - 2014-06-10 18:21 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-30 05:11 - 2014-06-10 18:20 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-05-30 05:08 - 2014-06-10 18:20 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-30 05:06 - 2014-06-10 18:20 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-05-30 05:02 - 2014-06-10 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-30 04:55 - 2014-06-10 18:21 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-05-30 04:49 - 2014-06-10 18:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-05-30 04:46 - 2014-06-10 18:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-30 04:44 - 2014-06-10 18:20 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-05-30 04:44 - 2014-06-10 18:20 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-05-30 04:43 - 2014-06-10 18:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-05-30 04:42 - 2014-06-10 18:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-05-30 04:38 - 2014-06-10 18:21 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-05-30 04:35 - 2014-06-10 18:20 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-05-30 04:34 - 2014-06-10 18:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-05-30 04:33 - 2014-06-10 18:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-05-30 04:30 - 2014-06-10 18:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-05-30 04:29 - 2014-06-10 18:20 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-30 04:28 - 2014-06-10 18:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-05-30 04:27 - 2014-06-10 18:21 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-05-30 04:24 - 2014-06-10 18:20 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-05-30 04:23 - 2014-06-10 18:20 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-30 04:16 - 2014-06-10 18:21 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-05-30 04:10 - 2014-06-10 18:21 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-05-30 04:06 - 2014-06-10 18:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-05-30 04:04 - 2014-06-10 18:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-30 04:02 - 2014-06-10 18:20 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-05-30 03:56 - 2014-06-10 18:20 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-05-30 03:56 - 2014-06-10 18:20 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-30 03:54 - 2014-06-10 18:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-05-30 03:50 - 2014-06-10 18:20 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-05-30 03:49 - 2014-06-10 18:21 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-05-30 03:43 - 2014-06-10 18:20 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-30 03:40 - 2014-06-10 18:20 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-05-30 03:30 - 2014-06-10 18:21 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-30 03:21 - 2014-06-10 18:20 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-05-30 03:15 - 2014-06-10 18:21 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-05-30 03:13 - 2014-06-10 18:20 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-05-30 03:13 - 2014-06-10 18:20 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 17:52

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02

Ran by Thomas at 2014-06-28 20:17:58

Running from C:\Users\Thomas\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

ActiveState Komodo Edit 8.5.3 (HKLM-x32\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.3 - ActiveState Software Inc.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)

Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)

Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2006269182.48.56.32254362 - Audible, Inc.)

AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden

AuthenTec WinBio FingerPrint Software (HKLM\...\{4BDCF60D-EAAB-4595-B571-283F529F6AFA}) (Version: 3.2.2.1072 - AuthenTec, Inc.)

avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2000 - Avast Software)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

BlackBerry Desktop Software 7.0 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.0.0.59 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.0 (x32 Version: 7.0.0.59 - Research In Motion Ltd.) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4422 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 3.5.0.4422 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)

FIF-12 Driver Installer (HKLM-x32\...\{53B1C9DF-2B77-4EA9-AE26-4B045163C414}) (Version: 2.00 - Vertex Standard LMR, Inc.)

Free YouTube Downloader 3.5.136 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)

GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{A136063D-45CE-32BB-9B0E-B53DF246410D}) (Version: 4.5.2.14837 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)

HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Documentation (HKLM-x32\...\{D25BAEFB-2216-4757-90FF-0007635BE7A1}) (Version: 1.1.1.0 - Hewlett-Packard)

HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)

HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)

HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)

HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)

HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)

HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)

HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)

Intel PROSet Wireless (Version: - ) Hidden

Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.2.1001 - Intel Corporation)

Intel® Smart Connect Technology 1.0 (HKLM-x32\...\{0A918A9E-74F2-41CB-969F-FB0CB9A51DD8}) (Version: 1.0.698.0 - Intel)

Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)

Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )

Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0903 - Intel Corporation)

iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)

Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.600 - Oracle)

Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden

Java SE Development Kit 7 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)

Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office OneNote 2003 (HKLM-x32\...\{90A10409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office Project Professional 2003 (HKLM-x32\...\{903B0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden

MKV File Player (HKLM-x32\...\{C2CDB6A0-9E2D-4E4E-8776-2D92F2F0FB3D}_is1) (Version: - mkvfileplayer.com)

MotoHelper 2.0.51 Driver 5.2.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.51 - Motorola)

MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden

Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0 - Motorola Inc.) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)

OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Python 3.3.2 (64-bit) (HKLM\...\{9fa9a2a6-19e4-381a-8af3-f8cf12f0dcf0}) (Version: 3.3.2150 - Python Software Foundation)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.6.105 - Earth Networks, Inc.)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl)

WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}) (Version: 18.0.11023 - WinZip Computing, S.L. )

==================== Restore Points =========================

11-06-2014 07:00:12 Windows Update

15-06-2014 23:00:07 Windows Backup

17-06-2014 07:59:49 Windows Update

20-06-2014 10:50:00 Windows Update

22-06-2014 23:00:05 Windows Backup

24-06-2014 17:12:46 Windows Update

25-06-2014 04:52:47 Installed Java 7 Update 60

26-06-2014 03:38:20 Revo Uninstaller's restore point - Google Talk Plugin

26-06-2014 06:40:39 Revo Uninstaller's restore point - BitTorrent

28-06-2014 02:25:03 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-08-22 02:25 - 00449438 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 10sek.com

127.0.0.1 www.10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 123fporn.info

127.0.0.1 www.123fporn.info

127.0.0.1 123haustiereundmehr.com

127.0.0.1 www.123haustiereundmehr.com

127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {16181E0B-D242-4D6B-AF8D-A7EB27169DBC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-25] (Adobe Systems Incorporated)

Task: {216B21B1-5E2F-477A-B0D4-4645D402F02B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1624557554-290839041-1811429599-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)

Task: {248F75C3-F657-4A3E-8E4D-940109F7783A} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()

Task: {2A165F10-82EB-4312-9A23-E4E505A4C5AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)

Task: {2C40DA23-23D5-42B7-9EC1-F2D19B1EAC1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {52C23AE7-EDD6-4E16-9054-1D778DA87859} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION

Task: {566645BF-2E54-44FE-A8E8-240CF129EECB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {57677591-F56E-4CEF-A5CA-C9E4673D4C6E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()

Task: {59854FD4-2FB3-4FB2-AB44-52E276A860A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {5F86CE5D-5A38-4DAA-80A9-727E382D84C4} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()

Task: {72DE5AC5-6A7A-44AF-9B54-5B2140516D7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {742C85F7-CBF4-41C9-BC8B-B2843D17AC39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {8EF7157A-E049-432B-AE65-8CDA7312D6AC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {A6811664-DC68-47CC-86FB-D1CD455291BC} - System32\Tasks\HPCeeScheduleForTHOMAS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {A8A21C4A-BE94-4888-ABC9-74DFE0A45BD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-22] (AVAST Software)

Task: {AE7BD362-738B-45EE-ABA5-CF5ECE74ABB1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink)

Task: {B5F5C838-61B3-46D8-98D3-EAFD7DD50458} - System32\Tasks\HPCeeScheduleForThomas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {C797DBDE-3D5D-4CA7-BA4C-81779B176712} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: {D83EC2CF-EFED-4748-88E3-6B2ED16BA147} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()

Task: {E67B6150-6109-4D5B-8E4E-731C14A0F217} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1624557554-290839041-1811429599-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)

Task: {EA401553-229B-43C3-B39E-452C013F24BF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {EC289557-AB11-46E5-A8C8-B1BDE000E04D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForTHOMAS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\HPCeeScheduleForThomas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-02-11 04:21 - 2014-02-11 04:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

2011-09-06 15:48 - 2011-09-06 15:48 - 00093696 _____ () C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

2011-09-06 15:48 - 2011-09-06 15:48 - 00026112 _____ () C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe

2011-04-26 16:23 - 2011-04-26 16:23 - 00223088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

2011-04-26 16:22 - 2011-04-26 16:22 - 00681840 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

2011-07-27 10:37 - 2011-07-27 10:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-08-22 02:47 - 2013-08-22 02:47 - 00388720 _____ () C:\Program Files\AVAST Software\Avast\aswCommChannel.dll

2014-06-28 14:35 - 2014-06-28 05:49 - 02789376 _____ () C:\Program Files\AVAST Software\Avast\defs\14062800\algo.dll

2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-09-06 15:48 - 2011-09-06 15:48 - 00036352 _____ () C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll

2014-06-13 14:38 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll

2014-06-13 14:38 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll

2013-08-22 02:47 - 2013-08-22 02:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2013-08-22 02:47 - 2013-08-22 02:47 - 00064264 _____ () C:\Program Files\AVAST Software\Avast\aswResourceLib.dll

2013-08-22 02:47 - 2013-08-22 02:47 - 00024592 _____ () C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll

2014-06-13 14:38 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll

2014-06-13 14:38 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

2014-06-13 14:38 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

2014-06-13 14:38 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

2014-02-13 17:39 - 2014-02-13 17:39 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\db0cab2acf56035b3c1dfbb0a78a7dc7\IsdiInterop.ni.dll

2012-02-17 15:36 - 2011-08-24 01:37 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk => C:\Windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnk.CommonStartup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey

MSCONFIG\startupreg: Google Update => "C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: HP CoolSense => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (06/28/2014 03:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: WeatherBug.exe, version: 1.0.0.0, time stamp: 0x531d1353

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86

Exception code: 0xe0434352

Fault offset: 0x0000c42d

Faulting process id: 0x19ac

Faulting application start time: 0xWeatherBug.exe0

Faulting application path: WeatherBug.exe1

Faulting module path: WeatherBug.exe2

Report Id: WeatherBug.exe3

Error: (06/28/2014 03:58:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: WeatherBug.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.TypeInitializationException

Stack:

Error: (06/28/2014 03:57:10 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2014 03:57:02 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver

Error: (06/28/2014 03:57:02 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103

Error: (06/28/2014 02:41:54 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: WeatherBug.exe, version: 1.0.0.0, time stamp: 0x531d1353

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86

Exception code: 0xe0434352

Fault offset: 0x0000c42d

Faulting process id: 0x1770

Faulting application start time: 0xWeatherBug.exe0

Faulting application path: WeatherBug.exe1

Faulting module path: WeatherBug.exe2

Report Id: WeatherBug.exe3

Error: (06/28/2014 02:41:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: WeatherBug.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.TypeInitializationException

Stack:

Error: (06/28/2014 02:40:42 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2014 02:40:32 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver

Error: (06/28/2014 02:40:32 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103

System errors:

=============

Error: (06/28/2014 03:56:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Coupon Printer Service service failed to start due to the following error:

%%2

Error: (06/28/2014 02:49:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Intel® Management and Security Application User Notification Service service hung on starting.

Error: (06/28/2014 02:47:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Update service hung on starting.

Error: (06/28/2014 02:40:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Coupon Printer Service service failed to start due to the following error:

%%2

Error: (06/28/2014 02:40:08 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 2:39:04 PM on ‎6/‎28/‎2014 was unexpected.

Error: (06/28/2014 02:37:45 PM) (Source: ipnathlp) (EventID: 31004) (User: )

Description: 0

Error: (06/28/2014 02:35:18 PM) (Source: ipnathlp) (EventID: 31004) (User: )

Description: 0

Error: (06/27/2014 11:35:20 PM) (Source: ipnathlp) (EventID: 31004) (User: )

Description: 0

Error: (06/27/2014 10:19:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Coupon Printer Service service failed to start due to the following error:

%%2

Error: (06/27/2014 10:19:51 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 10:16:48 PM on ‎6/‎27/‎2014 was unexpected.

Microsoft Office Sessions:

=========================

Error: (06/28/2014 03:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: WeatherBug.exe1.0.0.0531d1353KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d19ac01cf930b39996bbbC:\Program Files\Earth Networks\WeatherBug\WeatherBug.exeC:\Windows\syswow64\KERNELBASE.dlla2dea2cf-fefe-11e3-86c8-4ceb42299423

Error: (06/28/2014 03:58:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: WeatherBug.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.TypeInitializationException

Stack:

Error: (06/28/2014 03:57:10 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2014 03:57:02 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver

Error: (06/28/2014 03:57:02 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103

Error: (06/28/2014 02:41:54 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: WeatherBug.exe1.0.0.0531d1353KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d177001cf930086aef3fbC:\Program Files\Earth Networks\WeatherBug\WeatherBug.exeC:\Windows\syswow64\KERNELBASE.dlldfc54329-fef3-11e3-847b-4ceb42299423

Error: (06/28/2014 02:41:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: WeatherBug.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.TypeInitializationException

Stack:

Error: (06/28/2014 02:40:42 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2014 02:40:32 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver

Error: (06/28/2014 02:40:32 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103

==================== Memory info ===========================

Percentage of memory in use: 61%

Total physical RAM: 6091.81 MB

Available physical RAM: 2336.69 MB

Total Pagefile: 12181.8 MB

Available Pagefile: 7973.86 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:677.62 GB) (Free:523.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (Recovery) (Fixed) (Total:16.85 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0 GB) FAT32

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 99E03F5A)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=678 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

Run date: 2014-06-28 20:22:56

-----------------------------

20:22:56.875 OS Version: Windows x64 6.1.7601 Service Pack 1

20:22:56.875 Number of processors: 4 586 0x2A07

20:22:56.876 ComputerName: THOMAS-HP UserName: Thomas

20:22:58.580 Initialize success

20:22:58.581 VM: initialized successfully

20:22:58.601 VM: outdated driver version !

20:23:02.476 AVAST engine defs: 14062800

20:24:24.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

20:24:24.018 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 8

20:24:24.142 Disk 0 MBR read successfully

20:24:24.150 Disk 0 MBR scan

20:24:24.161 Disk 0 Windows 7 default MBR code

20:24:24.166 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

20:24:24.170 Disk 0 default boot code

20:24:24.188 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 693886 MB offset 409600

20:24:24.215 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17255 MB offset 1421488128

20:24:24.240 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368

20:24:24.389 Disk 0 scanning C:\Windows\system32\drivers

20:24:34.547 Service scanning

20:25:06.397 Modules scanning

20:25:06.405 Disk 0 trace - called modules:

20:25:06.430 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll

20:25:06.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ac4060]

20:25:06.445 3 CLASSPNP.SYS[fffff88001cab43f] -> nt!IofCallDriver -> [0xfffffa800893ab10]

20:25:06.452 5 hpdskflt.sys[fffff8800161d189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800660a050]

20:25:08.183 AVAST engine scan C:\Windows

20:25:11.206 AVAST engine scan C:\Windows\system32

20:28:00.332 AVAST engine scan C:\Windows\system32\drivers

20:28:16.265 AVAST engine scan C:\Users\Thomas

20:51:44.302 AVAST engine scan C:\ProgramData

20:54:59.907 Scan finished successfully

20:57:56.988 Disk 0 MBR has been saved successfully to "C:\Users\Thomas\Desktop\MBR.dat"

20:57:56.994 The log file has been saved successfully to "C:\Users\Thomas\Desktop\aswMBR.txt"

#4
pystryker

Posted 28 June 2014 - 08:11 PM

Trusted Helper

Malware Removal
3,912 posts

We have some work to do, so let's get started.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Change Chrome's Home Page

Changing Chrome's Homepage

We need to change your homepage in Chrome. Please follow the instructions below.

Open Chrome and type this in the address bar: chrome:settings
When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages.
When the window opens, type in any page you wish as your new start page. Remove search.babylon.com as your homepage.
Once you have typed in your new home page, close the window.

Step 2: Fix with Farbar's Recovery Scan Tool

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
Right-click in the open notepad and select Paste).
Save it on the desktop as fixlist.txt

Start
HKU\S-1-5-21-1624557554-290839041-1811429599-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1624557554-290839041-1811429599-1000\...\MountPoints2: {87dd9153-cecc-11e1-a957-4ceb42299423} - G:\setup.exe -a
HKU\S-1-5-21-1624557554-290839041-1811429599-1000\...\MountPoints2: {d4698e9e-c9e9-11e1-a714-4ceb42299423} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1624557554-290839041-1811429599-1000\...\Winlogon: [Shell] explorer.exe,C:\Users\Thomas\AppData\Local\Temp\iiexpress.exe <==== ATTENTION
BHO-x32: No Name - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
Toolbar: HKLM-x32 - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {52C23AE7-EDD6-4E16-9054-1D778DA87859} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Step 3: RogueKiller

Download RogueKiller from one of the links below to your Desktop

Download Link for 32 bit system

Download link for 64 bit system

Click on Scan
The scan will take a short amount of time
Click on Report to open the log.
Copy and paste the content of the log in your next reply.

Step 4: Temporary File Cleaner

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Things I need to see in your next post:

Fixlog.txt Log

RogueKiller Log

#5
Leoncejames

Posted 28 June 2014 - 11:05 PM

Member

Topic Starter
Member
25 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02

Ran by Thomas at 2014-06-29 00:27:34 Run:1

Running from C:\Users\Thomas\Desktop

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start