
Chrome hijacked -- Avast blocking constant harmful webpages/files [Clo


  • This topic is locked

#61
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

That's no problem, Julie. 


  • 0



#62
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Just checking in, Julie. It has been nearly two weeks. 

 

Please let me know if you still require assistance. 


  • 0

#63
Twins_1997

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

Apologies -- I did not make it over there last Wednesday, and I don't think that tomorrow is looking too promising, either.  Unfortunately with all of the college application needs (and no symptoms interfering, as they were a couple of months ago), my friend is wanting to have her computer free rather than tied up running stuff on her days off.  Maybe next week?  I'll test the waters when I see her later this week at our sons' soccer game.


  • 0

#64
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

No problem at all. Whenever is most convenient. :)


  • 0

#65
Twins_1997

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

Hi -- My friend called and asked me to go over next Wednesday morning to check things out.  She doesn't seem to have any further issues that make me think there's still malware or viruses, but she does say (if I'm understanding her correctly) that her computer has a tendency to turn itself off if she leaves it on too long.  I'll run Malwarebytes and visit the website you linked for a virus check and make sure that all is well in that department before trying to figure out what the other issue(s) is / are.  Thanks.


  • 0

#66
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

OK, thank you for letting me know. I'll look out for your response next week. 


  • 0

#67
Twins_1997

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

I had a death in the family last week, so did not make it to my friend's computer until yesterday.  Oddly, Malwarebytes had been removed from her computer (to her knowledge, she had not done it) and Avast was gone as well.  The Malwarebytes folder was still there, but was empty, except for a few files and two folders ("Chameleon" and something else).  

 

I went to Control Panel and to the program list, and that had been repopulated (odd, but at least that can be crossed off the list...).  I sorted by date, and could see that on October 29th, Adobe Flash had been installed, along with McAfee Security Center.  My best guess is that McAfee was bundled with Flash, and that when it installed, it uninstalled competing / conflicting products, thus the Avast and Malwarebytes were zapped.  I uninstalled McAfee, because I have more faith in Avast.

 

I downloaded Malwarebytes and ran it, and it came up with two items:  Win32:Malware-gen and Win32:Crypt-PM[Trj] (okay -- I can't read my writing on that one -- it might be PIM instead of PM?).  I quarantined them.

 

When the computer rebooted, it came up to a screen saying "Please wait while Windows configures CA Personal Firewall".  Frankly, I'm fairly sure that I don't want CA Personal Firewall installed at this time, so after about five minutes of pondering that, when it appeared to be hanging anyway, I bailed out (had to unplug as the on/off button did nothing), and restarted, and hit cancel as soon as I saw the installation message.  I tried to go into programs to uninstall; it was a CA suite (probably bundled with the original computer, as it was dated 2009) with three different options -- Firewall, Anti-virus (I think) and something else.  One of the three uninstalled, but the other two came up with an "Error E9039:  Unable to uninstall CA Personal Firewall". I tried to uninstall them in safe mode and was also unable to do so -- something about the Windows installer being corrupted, so I went into MSConfig and unchecked them from start-up.  I was wanting to make sure to leave the computer in a state where my friend could use it, rather than have it hanging with the CA installation.

 

I booted up to the desktop and no CA attempt to install, so I guess unchecking them from start-up worked.  Given that Avast was gone and that things seemed to have taken a few steps backward on the virus / malware front, I decided to download Avast and run a scan prior to visiting the website you linked.  When I ran the full scan, it said it found some items and wanted to run a boot scan, so I left that running.  My friend did call during the full scan saying there was an Avast error message relating to creating a file that already existed.  I'm assuming that this might be a log file or something; there were no choices besides "OK", so I told her just to click it.  She didn't write the message down.

 

All of this of course took some time, so I was back and forth from my friend's apartment, alternately working on her computer and dealing with my own family issues.  When I returned the final time -- to check on the first Avast scan and start the boot scan, my friend told me that she had arrived home from grocery shopping to find an orange notice on the door advising her that her cable had been found to be "leaking" in excess of allowable FCC guidelines.  So she now has no internet (or phone)!  Seriously.  You can't make this stuff up!   She called her cable company and they told her that it was an all-day fix, so now she has to figure out a day that she can take off of work in order to wait for the cable guy.  I'll probably go check the results of the full scan today, but until she has internet back, I think we're dead in the water for further fixes (besides anything that can be transported on a thumb drive...).

 

 


  • 0

#68
Twins_1997

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

I think it's irrelevant, but I should clarify that the CA Firewall Installation message did have a "Cancel" button.  I tried clicking it, but it didn't work -- it kept hanging on the message.  After a couple of minutes of allowing the "Cancel" to take effect, I unplugged the machine.

 

The "cancel" I hit on reboot was, I think, a Windows Installer cancel button.  That one worked.  Again, I think it's moot at this point, as long as the unchecked start-up buttons don't somehow revert to checked, but I just wanted to clarify that.


  • 0

#69
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Sounds like a bit of a mess, Julie. 
A lot of time has passed since your last post, so anything could have happened. New malware arriving, etc. 
 
We can deal with CA. But first, I'm going to need to see a fresh set of FRST logs. 
 
Farbar Recovery Scan Tool (FRST) Scan

  • Using a clean PC, please download Farbar Recovery Scan Tool (x32) and save the file to your USB drive.
  • Transfer the file to the Desktop of the affected PC. 
  • Right-click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

  • 0

#70
Twins_1997

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

Okay -- and her internet is back now, so that makes things a bit easier (though she has to work the next five days, which is unfortunate...).

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014
Ran by Jared (administrator) on JARED-PC on 13-11-2014 13:05:59
Running from C:\Users\Jared\Desktop
Loaded Profile: Jared (Available profiles: Jared)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CA) C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(CA, Inc.) C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6266880 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [132760 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [DVDAgent] => c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation)
HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-12] (AVAST Software)
Winlogon\Notify\PFW: C:\Windows\system32\UmxWnp.Dll (CA)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [AdobeUpdater] => C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2321600 2007-03-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe [460216 2009-01-16] (Adobe Systems, Inc.)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\MountPoints2: {70015490-fad9-11de-b651-806e6f6e6963} - E:\Belkin_Setup_and_Monitor_Install.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CamTrack.lnk
ShortcutTarget: CamTrack.lnk -> C:\Program Files\DigitalPeers\CamTrack\camtrack.exe ()
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ask.com/
http://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
SearchScopes: HKLM - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo....ing}&fr=hp-psdt
SearchScopes: HKLM - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKCU - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo....ing}&fr=hp-psdt
SearchScopes: HKCU - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://dl.ask.com/to...m=1&toolbar=GV2
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {201f27d4-3704-41d6-89c1-aa35e39143ed} ->  No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-28]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Avast Online Security) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-13]
CHR Extension: (Ultimate Football Results) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnpobggldcjebejmndignliobeifocj [2014-08-16]
CHR Extension: (Blipshot  one click screenshots) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaboflcmhejfihjcbmdiebgfchigjcf [2014-08-24]
CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Whiskey Militia Countdown Timer) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemfnmdbgcehmkfbgpcimghoopojjchp [2014-08-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
S3 CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [214256 2009-09-05] (CA, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 ITMRTSVC; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [280080 2007-01-04] (CA, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 UmxAgent; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [1010192 2007-10-18] (CA)
S2 UmxCfg; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [801296 2007-10-18] (CA)
R2 UmxFwHlp; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [145936 2007-10-18] (CA)
S2 UmxPol; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [281104 2008-06-24] (CA)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-12] ()
S3 dptrackerd; C:\Windows\System32\drivers\dptrackerd.sys [110080 2006-08-24] (Windows ® 2000 DDK provider) [File not signed]
R1 KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [63504 2008-06-24] (CA)
R2 KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [138744 2008-06-24] (CA)
R3 KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [88816 2008-06-24] (CA)
R1 KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [45584 2008-06-24] (CA)
R1 KmxFilter; C:\Windows\System32\DRIVERS\KmxFilter.sys [51728 2007-10-18] (CA)
R0 KmxFw; C:\Windows\System32\DRIVERS\kmxfw.sys [103952 2008-06-24] (CA)
R2 KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [66576 2008-06-24] (CA)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
S3 netr73; C:\Windows\System32\DRIVERS\WUSB54GCx86.sys [256000 2007-03-11] (Ralink Technology Inc.)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [252416 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 13:05 - 2014-11-13 13:06 - 00018909 _____ () C:\Users\Jared\Desktop\FRST.txt
2014-11-13 13:03 - 2014-11-13 12:34 - 01108480 _____ (Farbar) C:\Users\Jared\Desktop\FRST.exe
2014-11-13 12:01 - 2014-11-13 12:01 - 01107968 _____ (Farbar) C:\Users\Jared\Downloads\FRST.exe
2014-11-13 11:29 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 11:29 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 11:29 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 11:29 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 11:28 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 11:28 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 11:27 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 11:27 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 11:18 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 11:14 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 11:14 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 11:14 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 11:14 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 11:13 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 11:05 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:43 - 2014-11-12 10:43 - 00001877 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-12 10:43 - 2014-11-12 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-12 10:42 - 2014-11-12 10:42 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-12 10:42 - 2014-11-12 10:42 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-12 10:42 - 2014-11-12 10:42 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-12 10:42 - 2014-11-12 10:41 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-12 10:34 - 2014-11-12 10:35 - 05006864 _____ (AVAST Software) C:\Users\Jared\Downloads\avast_free_antivirus_setup_online.exe
2014-11-12 09:47 - 2014-11-13 11:49 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 09:47 - 2014-11-12 09:47 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 09:47 - 2014-11-12 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 09:47 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 09:47 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 09:47 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 09:42 - 2014-11-12 09:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jared\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 07:42 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 07:42 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 07:42 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 07:42 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 07:42 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 07:42 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 07:42 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 07:42 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 07:42 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 07:42 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 07:42 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 07:42 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 07:42 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 07:42 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 07:42 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 07:42 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 07:42 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 07:42 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 07:42 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 07:42 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 07:42 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-30 07:31 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-30 07:31 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-30 07:31 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-30 07:31 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-30 07:30 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-30 07:30 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-30 07:30 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-30 07:21 - 2014-09-09 01:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-30 07:20 - 2014-08-22 20:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-30 07:18 - 2014-10-30 07:18 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-10-30 07:07 - 2014-09-04 18:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-29 18:15 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-29 18:15 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-29 18:15 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-29 18:15 - 2014-06-02 05:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-29 18:15 - 2014-06-02 03:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-29 18:15 - 2014-04-26 11:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-29 18:15 - 2014-04-04 21:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-29 18:15 - 2014-03-25 08:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-29 18:14 - 2014-06-13 19:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-29 18:14 - 2014-06-13 19:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-10-29 18:14 - 2014-06-06 03:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-29 18:14 - 2014-05-30 01:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-29 18:13 - 2014-03-09 20:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-29 18:13 - 2014-02-05 20:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-29 17:39 - 2014-10-29 17:39 - 00135344 _____ () C:\Windows\Minidump\Mini102914-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 13:06 - 2014-09-10 08:03 - 00000000 ____D () C:\FRST
2014-11-13 13:05 - 2006-11-02 05:33 - 00783502 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-13 13:03 - 2014-08-28 13:42 - 00001590 _____ () C:\Windows\setupact.log
2014-11-13 12:56 - 2014-08-28 13:30 - 01122417 _____ () C:\Windows\WindowsUpdate.log
2014-11-13 12:51 - 2010-03-04 19:54 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 12:28 - 2013-05-21 18:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-13 12:13 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 12:05 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-11-13 11:58 - 2010-03-04 19:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 11:48 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-13 11:48 - 2006-11-02 07:47 - 00313568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 11:48 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 11:48 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 11:45 - 2009-09-05 10:27 - 00170406 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k0
2014-11-13 11:45 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k7
2014-11-13 11:45 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k6
2014-11-13 11:45 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k5
2014-11-13 11:45 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k4
2014-11-13 11:45 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k3
2014-11-13 11:45 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k2
2014-11-13 11:45 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k1
2014-11-13 11:45 - 2006-11-02 08:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 11:29 - 2008-09-01 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 11:17 - 2009-02-11 19:19 - 00000000 ____D () C:\Users\Jared\AppData\Local\Google
2014-11-13 11:12 - 2013-08-15 09:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 11:07 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-13 10:57 - 2014-09-13 14:45 - 00051418 _____ () C:\Windows\PFRO.log
2014-11-13 09:18 - 2008-05-14 19:09 - 00000000 ____D () C:\ProgramData\WildTangent
2014-11-12 10:24 - 2006-11-02 05:23 - 00000219 _____ () C:\Windows\SYSTEM.INI
2014-11-12 09:47 - 2014-04-06 15:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-10 21:33 - 2006-11-02 05:23 - 00000574 _____ () C:\Windows\win.ini
2014-11-05 18:55 - 2011-07-03 17:29 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\HpUpdate
2014-10-30 07:35 - 2006-11-02 07:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-29 21:37 - 2008-09-01 09:14 - 00000000 ____D () C:\Users\Jared
2014-10-29 21:37 - 2006-11-02 05:22 - 44531712 _____ () C:\Windows\system32\config\software_previous
2014-10-29 21:37 - 2006-11-02 05:22 - 18612224 _____ () C:\Windows\system32\config\system_previous
2014-10-29 21:36 - 2010-07-21 18:15 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Skype
2014-10-29 21:36 - 2008-09-01 09:14 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-29 21:36 - 2008-09-01 09:14 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-29 21:36 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-29 21:36 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-29 21:35 - 2013-05-21 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-29 21:35 - 2011-11-08 15:56 - 00000000 ____D () C:\Users\Jared\.phet
2014-10-29 21:35 - 2010-01-06 10:21 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-10-29 21:35 - 2009-09-05 09:14 - 00000000 ____D () C:\Program Files\Common Files\Scanner
2014-10-29 21:35 - 2009-05-28 18:58 - 00000000 ____D () C:\Program Files\AskBarDis
2014-10-29 21:35 - 2009-02-11 17:22 - 00000000 ____D () C:\Program Files\Google
2014-10-29 21:35 - 2008-09-01 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-29 21:35 - 2008-09-01 13:21 - 00000000 ____D () C:\Users\Jared\AppData\Local\Microsoft Help
2014-10-29 21:35 - 2008-09-01 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-10-29 21:35 - 2008-09-01 09:18 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-10-29 21:35 - 2008-05-14 19:07 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows
2014-10-29 21:35 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-10-29 21:17 - 2009-09-05 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
2014-10-29 21:11 - 2006-11-02 05:22 - 39321600 _____ () C:\Windows\system32\config\components_previous
2014-10-29 21:11 - 2006-11-02 05:22 - 00057344 _____ () C:\Windows\system32\config\sam_previous
2014-10-29 18:30 - 2013-05-21 18:22 - 00001977 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-29 18:28 - 2013-05-21 18:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-29 18:28 - 2013-05-21 18:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-29 17:40 - 2008-09-01 09:24 - 00079296 _____ () C:\Users\Jared\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-29 17:39 - 2009-10-03 16:47 - 95695024 _____ () C:\Windows\MEMORY.DMP
2014-10-29 17:39 - 2009-10-03 16:47 - 00000000 ____D () C:\Windows\Minidump
2014-10-29 06:46 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-10-29 06:40 - 2006-11-02 05:22 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-10-28 05:35 - 2011-04-24 17:24 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-23 07:47 - 2008-09-01 16:24 - 00030179 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Jared\AppData\Local\Temp\0bi_oyds.dll
C:\Users\Jared\AppData\Local\Temp\adnp0mua.dll
C:\Users\Jared\AppData\Local\Temp\AOLFirewallMgr.dll
C:\Users\Jared\AppData\Local\Temp\dlyp8t4y.dll
C:\Users\Jared\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv_69d6064f.exe
C:\Users\Jared\AppData\Local\Temp\jre-6u35-windows-i586-iftw_5b459b33.exe
C:\Users\Jared\AppData\Local\Temp\m8gmvukt.dll
C:\Users\Jared\AppData\Local\Temp\ose00000.exe
C:\Users\Jared\AppData\Local\Temp\progupd.dll
C:\Users\Jared\AppData\Local\Temp\qvhzokua.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-13 11:57

==================== End Of Log ============================

ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2014
Ran by Jared at 2014-11-13 13:07:03
Running from C:\Users\Jared\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
5600 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CA Internet Security Suite (HKLM\...\eTrust Suite Personal) (Version: 3.2.1.22 - CA, Inc.)
CA Personal Firewall (HKLM\...\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}) (Version: 9.1.0.36 - CA)
CamTrack (HKLM\...\CamTrack_is1) (Version: 2.3.0 - Digital Peers)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Demo (HKLM\...\{44F3AD4C-D8A0-40DD-94A1-7443BE9953C7}_is1) (Version: HP Demo - Hewlett-Packard)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.3309 - Hewlett-Packard)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
HPTCSSetup (HKLM\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)
LightScribe System Software (HKLM\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
sp44626 (HKLM\...\sp44626) (Version:  - Hewlett-Packard)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vimicro USB2.0 UVC PC Camera (HKLM\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

29-10-2014 22:58:26 Windows Update
30-10-2014 11:38:43 Windows Update
31-10-2014 22:42:44 Scheduled Checkpoint
01-11-2014 14:06:31 Scheduled Checkpoint
02-11-2014 13:18:09 Scheduled Checkpoint
03-11-2014 13:10:23 Scheduled Checkpoint
04-11-2014 13:09:16 Scheduled Checkpoint
05-11-2014 18:18:24 Windows Update
08-11-2014 12:40:26 Scheduled Checkpoint
10-11-2014 22:35:36 Scheduled Checkpoint
11-11-2014 23:53:48 Scheduled Checkpoint
12-11-2014 12:29:43 Windows Update
12-11-2014 15:36:19 avast! antivirus system restore point
13-11-2014 16:04:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3EF222FA-4BCC-4821-B9F5-4AE1E0DE097B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {5017837D-3188-4688-9F8B-7448A15F0A00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-29] (Adobe Systems Incorporated)
Task: {85E81A6B-818A-47AD-9E2C-9E17ED3327E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {A1BB6C56-7AE3-4F5D-B879-2E0F3315DAD0} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {A4B7A9E3-5EF7-42E8-AF9B-C0FCD9A9A763} - System32\Tasks\Microsoft\Windows\RestartManager\{79F825F3-6C25-43e4-A140-8F7F34274CDD} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {B39F199A-525E-4137-B74A-58BB8A9BA32B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-12] (AVAST Software)
Task: {B92E9381-E0AB-4B9D-84B9-7D996514C5D1} - System32\Tasks\CAAntiSpywareScan_Daily as Jared at 10 14 AM => C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16] (CA, Inc.)
Task: {D070AD3B-6A4C-4757-B3E9-8A7AA65A8F4D} - System32\Tasks\{81EA3D94-29B1-48AB-84B5-BA113939A8DF} => Iexplore.exe http://www.skype.com...LastError=12002
Task: {D4C8DD1D-FFF7-4EE1-A7DB-3F23F51D10E3} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {E0917328-6F0D-4524-B6FC-3DD92C166584} - System32\Tasks\{34367977-7C60-429D-B659-8D0E625635B8} => Iexplore.exe http://www.skype.com...LastError=12002
Task: {E0CD51B7-C269-4878-889D-C8AB4E93F754} - System32\Tasks\{A3BABEF3-078C-4C33-B52B-58FA632D0648} => C:\Program Files\Skype\Phone\Skype.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CAAntiSpywareScan_Daily as Jared at 10 14 AM.job => C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-13 11:19 - 2014-11-13 11:19 - 02902016 _____ () C:\Program Files\AVAST Software\Avast\defs\14111300\algo.dll
2014-01-09 18:36 - 2012-01-17 15:09 - 00022944 _____ () C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-01-09 18:36 - 2010-08-22 20:01 - 00325632 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
2014-01-09 18:36 - 2010-08-22 20:01 - 01954304 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
2014-01-09 18:36 - 2010-08-22 20:01 - 07187456 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
2014-01-09 18:36 - 2010-08-22 20:01 - 00847360 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
2014-01-09 18:36 - 2010-08-22 19:32 - 00119808 _____ () C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2014-11-12 10:42 - 2014-11-12 10:42 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-08-05 11:25 - 2009-08-05 11:25 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-07-21 17:33 - 2006-08-24 10:45 - 00376832 _____ () C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
2010-07-21 17:33 - 2006-08-24 10:46 - 00315392 _____ () C:\Program Files\DigitalPeers\CamTrack\resources.dll
2014-01-09 18:36 - 2012-01-17 14:27 - 00669696 _____ () C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2006-12-10 20:51 - 2006-12-10 20:51 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2006-12-10 20:51 - 2006-12-10 20:51 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: cafwc => C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
MSCONFIG\startupreg: capfasem => C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
MSCONFIG\startupreg: cctray => "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
MSCONFIG\startupreg: SeekmoOE => C:\Program Files\Seekmo\bin\10.0.431.0\OEAddOn.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1903400887-3625771325-1800999696-500 - Administrator - Disabled)
Guest (S-1-5-21-1903400887-3625771325-1800999696-501 - Limited - Enabled)
Jared (S-1-5-21-1903400887-3625771325-1800999696-1000 - Administrator - Enabled) => C:\Users\Jared

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #7
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #9
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #10
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #11
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #12
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2014 11:49:49 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: CA Personal Firewall -- Error 1706.No valid source could be found for product CA Personal Firewall.  The Windows Installer cannot continue.

Error: (11/13/2014 11:48:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 11:48:13 AM) (Source: UmxCfg) (EventID: 26) (User: )
Description: Error: Cannot load Product Applications(0,C:\Program Files\CA\SharedComponents\HIPSEngine\HIPSEngineApplications.xml). hr=0x800c0006

Error: (11/13/2014 11:11:57 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (11/13/2014 11:11:56 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (11/13/2014 11:01:54 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: CA Personal Firewall -- Error 1706.No valid source could be found for product CA Personal Firewall.  The Windows Installer cannot continue.

Error: (11/13/2014 11:00:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 10:58:11 AM) (Source: UmxCfg) (EventID: 26) (User: )
Description: Error: Cannot load Product Applications(0,C:\Program Files\CA\SharedComponents\HIPSEngine\HIPSEngineApplications.xml). hr=0x800c0006

Error: (11/12/2014 10:36:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {874247d8-1e4e-40f6-994a-b8da5f4e09c3}

Error: (11/12/2014 10:33:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/13/2014 11:54:18 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (11/13/2014 11:53:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0%%1053

Error: (11/13/2014 11:53:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Presentation Foundation Font Cache 3.0.0.0

Error: (11/13/2014 11:44:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (11/13/2014 11:29:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (11/13/2014 11:29:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (11/13/2014 11:27:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (11/13/2014 11:27:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (11/13/2014 11:22:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0%%1053

Error: (11/13/2014 11:22:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Presentation Foundation Font Cache 3.0.0.0

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-13 13:06:55.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 13:06:54.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 13:06:53.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 13:06:53.123
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 13:06:52.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 13:06:51.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 13:06:50.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 13:06:49.904
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 13:06:19.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 13:06:18.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 2036.45 MB
Available physical RAM: 1136.84 MB
Total Pagefile: 4318.17 MB
Available Pagefile: 2780.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.44 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:222.85 GB) (Free:155.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.03 GB) (Free:1.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0



#71
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Julie, please do the following. 
 
STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • CA Internet Security Suite
    • CA Personal Firewall
    • Yahoo! Toolbar
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\MountPoints2: {70015490-fad9-11de-b651-806e6f6e6963} - E:\Belkin_Setup_and_Monitor_Install.exe
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ask.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
    SearchScopes: HKLM - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo....ing}&fr=hp-psdt
    SearchScopes: HKLM - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/w...}&l=dis&o=uscqd
    SearchScopes: HKCU - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo....ing}&fr=hp-psdt
    SearchScopes: HKCU - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/w...}&l=dis&o=uscqd
    SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://dl.ask.com/to...m=1&toolbar=GV2
    BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    BHO: No Name -> {201f27d4-3704-41d6-89c1-aa35e39143ed} ->  No File
    Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM - No Name - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -  No File
    CustomCLSID: HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    2014-10-29 21:35 - 2009-05-28 18:58 - 00000000 ____D () C:\Program Files\AskBarDis
    C:\Users\Jared\AppData\Local\Temp\0bi_oyds.dll
    C:\Users\Jared\AppData\Local\Temp\adnp0mua.dll
    C:\Users\Jared\AppData\Local\Temp\AOLFirewallMgr.dll
    C:\Users\Jared\AppData\Local\Temp\dlyp8t4y.dll
    C:\Users\Jared\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv_69d6064f.exe
    C:\Users\Jared\AppData\Local\Temp\jre-6u35-windows-i586-iftw_5b459b33.exe
    C:\Users\Jared\AppData\Local\Temp\m8gmvukt.dll
    C:\Users\Jared\AppData\Local\Temp\ose00000.exe
    C:\Users\Jared\AppData\Local\Temp\progupd.dll
    C:\Users\Jared\AppData\Local\Temp\qvhzokua.dll
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 4
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please back up the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK? 
  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt

  • 0

#72
Twins_1997

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

I uninstalled the listed programs, along with CA Anti-Spyware.  During the uninstall of CA Personal Firewall, I got an error; I've attached a screen capture (similar to the error I got yesterday while trying in Safe Mode, but different number, I think).  I'm assuming that it's okay to proceed with the FRST script?

Attached Thumbnails

  • CAUninstallError.jpg

  • 0

#73
Twins_1997

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

Oh, and a couple of the CA items said that there were files that would be removed on next reboot.  Should I reboot prior to running FRST?


  • 0

#74
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Yes, reboot your machine before proceeding with step 2.

We'll review the situation with CA afterwards.
  • 0

#75
Twins_1997

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

Okay, I didn't get this in time and didn't reboot before step 2, so keep that in mind when you read the logs:

 

FIXLOG.TXT

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-11-2014
Ran by Jared at 2014-11-13 14:48:59 Run:2
Running from C:\Users\Jared\Desktop
Loaded Profile: Jared (Available profiles: Jared)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\MountPoints2: {70015490-fad9-11de-b651-806e6f6e6963} - E:\Belkin_Setup_and_Monitor_Install.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ask.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
SearchScopes: HKLM - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo....ing}&fr=hp-psdt
SearchScopes: HKLM - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKCU - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo....ing}&fr=hp-psdt
SearchScopes: HKCU - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://dl.ask.com/to...m=1&toolbar=GV2
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: No Name -> {201f27d4-3704-41d6-89c1-aa35e39143ed} ->  No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -  No File
CustomCLSID: HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-10-29 21:35 - 2009-05-28 18:58 - 00000000 ____D () C:\Program Files\AskBarDis
C:\Users\Jared\AppData\Local\Temp\0bi_oyds.dll
C:\Users\Jared\AppData\Local\Temp\adnp0mua.dll
C:\Users\Jared\AppData\Local\Temp\AOLFirewallMgr.dll
C:\Users\Jared\AppData\Local\Temp\dlyp8t4y.dll
C:\Users\Jared\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv_69d6064f.exe
C:\Users\Jared\AppData\Local\Temp\jre-6u35-windows-i586-iftw_5b459b33.exe
C:\Users\Jared\AppData\Local\Temp\m8gmvukt.dll
C:\Users\Jared\AppData\Local\Temp\ose00000.exe
C:\Users\Jared\AppData\Local\Temp\progupd.dll
C:\Users\Jared\AppData\Local\Temp\qvhzokua.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70015490-fad9-11de-b651-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{70015490-fad9-11de-b651-806e6f6e6963}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{146B2238-BBEC-471C-BC30-5DC5DB2BC879}" => Key deleted successfully.
"HKCR\CLSID\{146B2238-BBEC-471C-BC30-5DC5DB2BC879}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3643E908-98E6-4AB7-A81E-FA03A71BEB00}" => Key deleted successfully.
"HKCR\CLSID\{3643E908-98E6-4AB7-A81E-FA03A71BEB00}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{146B2238-BBEC-471C-BC30-5DC5DB2BC879}" => Key deleted successfully.
"HKCR\CLSID\{146B2238-BBEC-471C-BC30-5DC5DB2BC879}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3643E908-98E6-4AB7-A81E-FA03A71BEB00}" => Key deleted successfully.
"HKCR\CLSID\{3643E908-98E6-4AB7-A81E-FA03A71BEB00}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}" => Key deleted successfully.
"HKCR\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}" => Key deleted successfully.
"HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} => value deleted successfully.
"HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}" => Key not found.
"HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
"HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
"HKU\S-1-5-21-1903400887-3625771325-1800999696-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Program Files\AskBarDis => Moved successfully.
C:\Users\Jared\AppData\Local\Temp\0bi_oyds.dll => Moved successfully.
C:\Users\Jared\AppData\Local\Temp\adnp0mua.dll => Moved successfully.
C:\Users\Jared\AppData\Local\Temp\AOLFirewallMgr.dll => Moved successfully.
C:\Users\Jared\AppData\Local\Temp\dlyp8t4y.dll => Moved successfully.
C:\Users\Jared\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv_69d6064f.exe => Moved successfully.
C:\Users\Jared\AppData\Local\Temp\jre-6u35-windows-i586-iftw_5b459b33.exe => Moved successfully.
C:\Users\Jared\AppData\Local\Temp\m8gmvukt.dll => Moved successfully.
C:\Users\Jared\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Jared\AppData\Local\Temp\progupd.dll => Moved successfully.
C:\Users\Jared\AppData\Local\Temp\qvhzokua.dll => Moved successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Echo Request, OK!
A reboot is required to complete this action.

========= End of CMD: =========

EmptyTemp: => Removed 1.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====


  • 0
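For anyone reviewing a Fixlog like the one posted above, the following added example (not part of the original posts and not FRST's own code) tallies the per-entry outcomes, lists targets that were not found, and flags pending reboots, which is relevant here because the fix was run before the requested restart. It assumes the log layout seen in this thread; the names `parse_fixlog` and `classify` are hypothetical.

```python
import re
from collections import Counter

# Abridged from the Fixlog.txt posted in this thread. The layout is assumed
# from that log alone, not from any FRST specification.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-11-2014
Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
CMD: netsh winsock reset all
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKCR\CLSID\{70015490-fad9-11de-b651-806e6f6e6963}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value not found.
IpInIp => Service deleted successfully.
C:\Program Files\AskBarDis => Moved successfully.

=========  netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========

EmptyTemp: => Removed 1.2 GB temporary data.
The system needed a reboot.
==== End of Fixlog ====
"""

# Outcome phrases as they appear in the log above; first match wins.
OUTCOMES = (("not found", "not_found"), ("restored successfully", "restored"),
            ("deleted successfully", "deleted"), ("moved successfully", "moved"),
            ("removed", "removed"))
CMD_START = re.compile(r"^=+\s+(?!\s*End of )(.+?)\s+=+$")
CMD_END = re.compile(r"^=+\s+End of CMD:\s+=+$")
REBOOT_HINT = re.compile(r"\b(reboot|restart)\b", re.I)


def classify(outcome):
    """Map the text after ' => ' to a short outcome label."""
    text = outcome.lower()
    return next((label for phrase, label in OUTCOMES if phrase in text), "other")


def parse_fixlog(text):
    """Summarise a Fixlog: outcome tally, targets not found, reboot flags."""
    counts, not_found, commands = Counter(), [], {}
    in_echo, current_cmd, reboot = False, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:   # asterisk rows fence the echoed fixlist
            in_echo = not in_echo
            continue
        if in_echo or not line:           # echoed directives also contain " => "
            continue
        if CMD_END.match(line):
            current_cmd = None
            continue
        started = CMD_START.match(line)
        if started:
            current_cmd = started.group(1).strip()
            commands[current_cmd] = False
            continue
        if current_cmd is not None:       # raw output of a CMD: directive
            if REBOOT_HINT.search(line):
                commands[current_cmd] = reboot = True
            continue
        target, sep, outcome = line.partition(" => ")
        if sep:
            label = classify(outcome)
            counts[label] += 1
            if label == "not_found":
                not_found.append(target.strip('"'))
        elif REBOOT_HINT.search(line):    # e.g. "The system needed a reboot."
            reboot = True
    return {"counts": counts, "not_found": not_found,
            "commands": commands, "reboot_required": reboot}


if __name__ == "__main__":
    print(parse_fixlog(SAMPLE_FIXLOG))
```

Entries reported as not found are worth comparing against the earlier uninstall step, since a program's own uninstaller may already have removed them.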





