Chrome hijacked -- Avast blocking constant harmful webpages/files [Clo



#76
Twins_1997 (Member, Topic Starter, 58 posts)

Edited to remove a prior log (from August) that this log (which is correctly today's) appended to.

 

# AdwCleaner v4.101 - Report created 13/11/2014 at 15:10:23
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.2 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Jared - JARED-PC
# Running from : C:\Users\Jared\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\841eedee619a4b34
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

-\\ Google Chrome v38.0.2125.111

[C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [12792 octets] - [28/08/2014 11:36:38]
AdwCleaner[R1].txt - [938 octets] - [03/09/2014 07:58:54]
AdwCleaner[R2].txt - [985 octets] - [13/09/2014 14:56:25]
AdwCleaner[S0].txt - [13158 octets] - [28/08/2014 11:40:59]
AdwCleaner[S1].txt - [1045 octets] - [13/09/2014 14:58:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13279 octets] ##########


Edited by Twins_1997, 13 November 2014 - 06:06 PM.



#77
Twins_1997 (Member, Topic Starter, 58 posts)

JRT.TXT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Jared on Thu 11/13/2014 at 15:16:53.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/13/2014 at 15:22:48.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#78
LiquidTension (Instructor, GeekU Moderator, 1,064 posts)

OK, let's see a fresh set of FRST logs.

 

Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.


#79
Twins_1997 (Member, Topic Starter, 58 posts)

Okay, snuck over before my friend left for work but I'm not sure when I'll next make it back.  Here are the FRST logs:

 

FRST.TXT: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014
Ran by Jared (administrator) on JARED-PC on 14-11-2014 07:50:21
Running from C:\Users\Jared\Desktop
Loaded Profile: Jared (Available profiles: Jared)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
() C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6266880 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [132760 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [DVDAgent] => c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation)
HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-12] (AVAST Software)
Winlogon\Notify\PFW: C:\Windows\system32\UmxWnp.Dll (CA)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [AdobeUpdater] => C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2321600 2007-03-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe [460216 2009-01-16] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CamTrack.lnk
ShortcutTarget: CamTrack.lnk -> C:\Program Files\DigitalPeers\CamTrack\camtrack.exe ()
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x36BDB7D37FFFCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-28]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Avast Online Security) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-13]
CHR Extension: (Ultimate Football Results) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnpobggldcjebejmndignliobeifocj [2014-08-16]
CHR Extension: (Blipshot  one click screenshots) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaboflcmhejfihjcbmdiebgfchigjcf [2014-08-24]
CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Whiskey Militia Countdown Timer) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemfnmdbgcehmkfbgpcimghoopojjchp [2014-08-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
S3 CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [214256 2009-09-05] (CA, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 UmxCfg; "C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [X]
S2 UMxFwHlp; "C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-12] ()
S3 dptrackerd; C:\Windows\System32\drivers\dptrackerd.sys [110080 2006-08-24] (Windows ® 2000 DDK provider) [File not signed]
R1 KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [63504 2008-06-24] (CA)
R2 KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [138744 2008-06-24] (CA)
R3 KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [88816 2008-06-24] (CA)
R1 KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [45584 2008-06-24] (CA)
R1 KmxFilter; C:\Windows\System32\DRIVERS\KmxFilter.sys [51728 2007-10-18] (CA)
R0 KmxFw; C:\Windows\System32\DRIVERS\kmxfw.sys [103952 2008-06-24] (CA)
R2 KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [66576 2008-06-24] (CA)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
S3 netr73; C:\Windows\System32\DRIVERS\WUSB54GCx86.sys [256000 2007-03-11] (Ralink Technology Inc.)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [252416 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 07:50 - 2014-11-14 07:50 - 00016817 _____ () C:\Users\Jared\Desktop\FRST.txt
2014-11-13 15:22 - 2014-11-13 15:22 - 00000642 _____ () C:\Users\Jared\Desktop\JRT.txt
2014-11-13 15:16 - 2014-11-13 15:16 - 00000000 ____D () C:\Windows\ERUNT
2014-11-13 15:15 - 2014-11-13 15:15 - 00013360 _____ () C:\Users\Jared\Desktop\AdwCleaner[S0].txt
2014-11-13 15:15 - 2014-11-13 13:46 - 01706808 _____ (Thisisu) C:\Users\Jared\Desktop\JRT.exe
2014-11-13 15:04 - 2014-11-13 13:45 - 02140160 _____ () C:\Users\Jared\Desktop\AdwCleaner.exe
2014-11-13 14:08 - 2014-11-13 14:08 - 00001063 _____ () C:\Users\Jared\Desktop\Revo Uninstaller.lnk
2014-11-13 14:08 - 2014-11-13 14:08 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-13 14:08 - 2014-11-13 13:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jared\Desktop\revosetup.exe
2014-11-13 13:03 - 2014-11-13 12:34 - 01108480 _____ (Farbar) C:\Users\Jared\Desktop\FRST.exe
2014-11-13 12:01 - 2014-11-13 12:01 - 01107968 _____ (Farbar) C:\Users\Jared\Downloads\FRST.exe
2014-11-13 11:29 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 11:29 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 11:29 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 11:29 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 11:28 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 11:28 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 11:27 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 11:27 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 11:18 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 11:14 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 11:14 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 11:14 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 11:14 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 11:13 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 11:05 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:43 - 2014-11-12 10:43 - 00001877 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-12 10:43 - 2014-11-12 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-12 10:42 - 2014-11-12 10:42 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-12 10:42 - 2014-11-12 10:42 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-12 10:42 - 2014-11-12 10:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-12 10:42 - 2014-11-12 10:42 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-12 10:42 - 2014-11-12 10:41 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-12 10:34 - 2014-11-12 10:35 - 05006864 _____ (AVAST Software) C:\Users\Jared\Downloads\avast_free_antivirus_setup_online.exe
2014-11-12 09:47 - 2014-11-14 07:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 09:47 - 2014-11-12 09:47 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 09:47 - 2014-11-12 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 09:47 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 09:47 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 09:47 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 09:42 - 2014-11-12 09:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jared\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 07:42 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 07:42 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 07:42 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 07:42 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 07:42 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 07:42 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 07:42 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 07:42 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 07:42 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 07:42 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 07:42 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 07:42 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 07:42 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 07:42 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 07:42 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 07:42 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 07:42 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 07:42 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 07:42 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 07:42 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 07:42 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-30 07:31 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-30 07:31 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-30 07:31 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-30 07:31 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-30 07:30 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-30 07:30 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-30 07:30 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-30 07:21 - 2014-09-09 01:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-30 07:20 - 2014-08-22 20:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-30 07:18 - 2014-10-30 07:18 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-10-30 07:07 - 2014-09-04 18:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-29 18:15 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-29 18:15 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-29 18:15 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-29 18:15 - 2014-06-02 05:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-29 18:15 - 2014-06-02 03:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-29 18:15 - 2014-04-26 11:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-29 18:15 - 2014-04-04 21:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-29 18:15 - 2014-03-25 08:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-29 18:14 - 2014-06-13 19:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-29 18:14 - 2014-06-13 19:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-10-29 18:14 - 2014-06-06 03:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-29 18:14 - 2014-05-30 01:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-29 18:13 - 2014-03-09 20:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-29 18:13 - 2014-02-05 20:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-29 17:39 - 2014-10-29 17:39 - 00135344 _____ () C:\Windows\Minidump\Mini102914-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 07:50 - 2014-09-10 08:03 - 00000000 ____D () C:\FRST
2014-11-14 07:50 - 2014-08-28 13:30 - 01152410 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 07:46 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 07:45 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 07:45 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 20:23 - 2009-09-05 10:27 - 00170406 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k0
2014-11-13 20:23 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k7
2014-11-13 20:23 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k6
2014-11-13 20:23 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k5
2014-11-13 20:23 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k4
2014-11-13 20:23 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k3
2014-11-13 20:23 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k2
2014-11-13 20:23 - 2009-09-05 10:27 - 00000064 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k1
2014-11-13 20:23 - 2006-11-02 08:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 15:18 - 2006-11-02 05:33 - 00783502 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-13 15:11 - 2014-09-13 14:45 - 00054406 _____ () C:\Windows\PFRO.log
2014-11-13 15:10 - 2014-08-28 11:36 - 00000000 ____D () C:\AdwCleaner
2014-11-13 14:29 - 2008-05-14 19:13 - 00000000 ____D () C:\Program Files\Yahoo!
2014-11-13 14:07 - 2014-08-28 13:42 - 00002385 _____ () C:\Windows\setupact.log
2014-11-13 12:13 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 12:05 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-11-13 11:48 - 2006-11-02 07:47 - 00313568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 11:29 - 2008-09-01 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 11:17 - 2009-02-11 19:19 - 00000000 ____D () C:\Users\Jared\AppData\Local\Google
2014-11-13 11:12 - 2013-08-15 09:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 11:07 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-13 09:18 - 2008-05-14 19:09 - 00000000 ____D () C:\ProgramData\WildTangent
2014-11-12 10:24 - 2006-11-02 05:23 - 00000219 _____ () C:\Windows\SYSTEM.INI
2014-11-12 09:47 - 2014-04-06 15:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-10 21:33 - 2006-11-02 05:23 - 00000574 _____ () C:\Windows\win.ini
2014-11-05 18:55 - 2011-07-03 17:29 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\HpUpdate
2014-10-30 07:35 - 2006-11-02 07:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-29 21:37 - 2008-09-01 09:14 - 00000000 ____D () C:\Users\Jared
2014-10-29 21:37 - 2006-11-02 05:22 - 44531712 _____ () C:\Windows\system32\config\software_previous
2014-10-29 21:37 - 2006-11-02 05:22 - 18612224 _____ () C:\Windows\system32\config\system_previous
2014-10-29 21:36 - 2010-07-21 18:15 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Skype
2014-10-29 21:36 - 2008-09-01 09:14 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-29 21:36 - 2008-09-01 09:14 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-29 21:36 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-29 21:36 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-29 21:35 - 2013-05-21 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-29 21:35 - 2011-11-08 15:56 - 00000000 ____D () C:\Users\Jared\.phet
2014-10-29 21:35 - 2010-01-06 10:21 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-10-29 21:35 - 2009-02-11 17:22 - 00000000 ____D () C:\Program Files\Google
2014-10-29 21:35 - 2008-09-01 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-29 21:35 - 2008-09-01 13:21 - 00000000 ____D () C:\Users\Jared\AppData\Local\Microsoft Help
2014-10-29 21:35 - 2008-09-01 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-10-29 21:35 - 2008-09-01 09:18 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-10-29 21:35 - 2008-05-14 19:07 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows
2014-10-29 21:35 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-10-29 21:17 - 2009-09-05 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
2014-10-29 21:11 - 2006-11-02 05:22 - 39321600 _____ () C:\Windows\system32\config\components_previous
2014-10-29 21:11 - 2006-11-02 05:22 - 00057344 _____ () C:\Windows\system32\config\sam_previous
2014-10-29 18:30 - 2013-05-21 18:22 - 00001977 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-29 18:28 - 2013-05-21 18:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-29 18:28 - 2013-05-21 18:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-29 17:40 - 2008-09-01 09:24 - 00079296 _____ () C:\Users\Jared\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-29 17:39 - 2009-10-03 16:47 - 95695024 _____ () C:\Windows\MEMORY.DMP
2014-10-29 17:39 - 2009-10-03 16:47 - 00000000 ____D () C:\Windows\Minidump
2014-10-29 06:46 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-10-29 06:40 - 2006-11-02 05:22 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-10-28 05:35 - 2011-04-24 17:24 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-23 07:47 - 2008-09-01 16:24 - 00030179 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Jared\AppData\Local\Temp\Quarantine.exe
C:\Users\Jared\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-14 07:52

==================== End Of Log ============================


ADDITION.TXT:


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2014
Ran by Jared at 2014-11-14 07:51:33
Running from C:\Users\Jared\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
5600 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CamTrack (HKLM\...\CamTrack_is1) (Version: 2.3.0 - Digital Peers)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Demo (HKLM\...\{44F3AD4C-D8A0-40DD-94A1-7443BE9953C7}_is1) (Version: HP Demo - Hewlett-Packard)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.3309 - Hewlett-Packard)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
HPTCSSetup (HKLM\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)
LightScribe System Software (HKLM\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
sp44626 (HKLM\...\sp44626) (Version:  - Hewlett-Packard)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vimicro USB2.0 UVC PC Camera (HKLM\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

29-10-2014 22:58:26 Windows Update
30-10-2014 11:38:43 Windows Update
31-10-2014 22:42:44 Scheduled Checkpoint
01-11-2014 14:06:31 Scheduled Checkpoint
02-11-2014 13:18:09 Scheduled Checkpoint
03-11-2014 13:10:23 Scheduled Checkpoint
04-11-2014 13:09:16 Scheduled Checkpoint
05-11-2014 18:18:24 Windows Update
08-11-2014 12:40:26 Scheduled Checkpoint
10-11-2014 22:35:36 Scheduled Checkpoint
11-11-2014 23:53:48 Scheduled Checkpoint
12-11-2014 12:29:43 Windows Update
12-11-2014 15:36:19 avast! antivirus system restore point
13-11-2014 16:04:35 Windows Update
13-11-2014 19:09:38 Revo Uninstaller's restore point - CA Anti-Spyware
13-11-2014 19:10:11 Removed .
13-11-2014 19:20:56 Revo Uninstaller's restore point - CA Internet Security Suite
13-11-2014 19:24:08 Revo Uninstaller's restore point - CA Personal Firewall
13-11-2014 19:24:26 Removed .
13-11-2014 19:29:13 Revo Uninstaller's restore point - Yahoo! Toolbar

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {A1BB6C56-7AE3-4F5D-B879-2E0F3315DAD0} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {A4B7A9E3-5EF7-42E8-AF9B-C0FCD9A9A763} - System32\Tasks\Microsoft\Windows\RestartManager\{79F825F3-6C25-43e4-A140-8F7F34274CDD} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {B39F199A-525E-4137-B74A-58BB8A9BA32B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-12] (AVAST Software)
Task: {D070AD3B-6A4C-4757-B3E9-8A7AA65A8F4D} - System32\Tasks\{81EA3D94-29B1-48AB-84B5-BA113939A8DF} => Iexplore.exe http://www.skype.com...LastError=12002
Task: {D4C8DD1D-FFF7-4EE1-A7DB-3F23F51D10E3} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {E0917328-6F0D-4524-B6FC-3DD92C166584} - System32\Tasks\{34367977-7C60-429D-B659-8D0E625635B8} => Iexplore.exe http://www.skype.com...LastError=12002
Task: {E0CD51B7-C269-4878-889D-C8AB4E93F754} - System32\Tasks\{A3BABEF3-078C-4C33-B52B-58FA632D0648} => C:\Program Files\Skype\Phone\Skype.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (whitelisted) =============

2014-11-13 13:07 - 2014-11-13 13:08 - 02902016 _____ () C:\Program Files\AVAST Software\Avast\defs\14111301\algo.dll
2014-01-09 18:36 - 2010-08-22 20:01 - 00325632 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
2014-01-09 18:36 - 2010-08-22 20:01 - 01954304 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
2014-01-09 18:36 - 2010-08-22 20:01 - 07187456 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
2014-01-09 18:36 - 2010-08-22 20:01 - 00847360 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
2014-01-09 18:36 - 2010-08-22 19:32 - 00119808 _____ () C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2014-11-12 10:42 - 2014-11-12 10:42 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-08-05 11:25 - 2009-08-05 11:25 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2014-01-09 18:36 - 2012-01-17 15:09 - 00022944 _____ () C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2010-07-21 17:33 - 2006-08-24 10:45 - 00376832 _____ () C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
2010-07-21 17:33 - 2006-08-24 10:46 - 00315392 _____ () C:\Program Files\DigitalPeers\CamTrack\resources.dll
2014-01-09 18:36 - 2012-01-17 14:27 - 00669696 _____ () C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2006-12-10 20:51 - 2006-12-10 20:51 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2006-12-10 20:51 - 2006-12-10 20:51 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: cafwc => C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
MSCONFIG\startupreg: capfasem => C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
MSCONFIG\startupreg: cctray => "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
MSCONFIG\startupreg: SeekmoOE => C:\Program Files\Seekmo\bin\10.0.431.0\OEAddOn.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1903400887-3625771325-1800999696-500 - Administrator - Disabled)
Guest (S-1-5-21-1903400887-3625771325-1800999696-501 - Limited - Enabled)
Jared (S-1-5-21-1903400887-3625771325-1800999696-1000 - Administrator - Enabled) => C:\Users\Jared

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #7
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #9
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #10
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #11
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #12
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 07:46:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/14/2014 07:46:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: HIPS Firewall Helper%%3

Error: (11/14/2014 07:46:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: HIPS Configuration Interpreter%%3

Error: (11/14/2014 07:45:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:44:33 AM on 11/14/2014 was unexpected.

Error: (11/13/2014 08:08:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (11/13/2014 07:12:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (11/13/2014 05:24:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (11/13/2014 05:03:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (11/13/2014 04:26:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (11/13/2014 03:24:45 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding2{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-14 07:51:21.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-14 07:51:21.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-14 07:51:20.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-14 07:51:19.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-14 07:49:09.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 18:50:54.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 17:36:22.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 17:36:22.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 17:36:21.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 16:42:59.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 54%
Total physical RAM: 2036.45 MB
Available physical RAM: 930.05 MB
Total Pagefile: 4316.17 MB
Available Pagefile: 2917.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.7 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:222.85 GB) (Free:153.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.03 GB) (Free:1.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#80
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Julie, 
 
Just a few leftovers from CA. 
We then need to run a couple of scans for malware remnants. 
 
Please let me know how the PC is performing after completing the steps below. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CloseProcesses:
    Winlogon\Notify\PFW: C:\Windows\system32\UmxWnp.Dll (CA)
    S3 CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [214256 2009-09-05] (CA, Inc.)
    S2 UmxCfg; "C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [X]
    S2 UMxFwHlp; "C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe" [X]
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cafwc" /f
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\capfasem" /f
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cctray" /f
    2014-10-29 21:17 - 2009-09-05 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
    C:\Program Files\CA
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats. If no threats were found, skip the next two bullet points. 
  • Click Export to text file and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • MBAM Scan log
  • ESET Online Scan log
  • Update on computer


#81
Twins_1997
    Member
  • Topic Starter
  • Member
  • 58 posts

Three logs below; update on computer in the following post.  Eset threats appear to be quarantined stuff.

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-11-2014
Ran by Jared at 2014-11-19 09:25:40 Run:3
Running from C:\Users\Jared\Desktop
Loaded Profile: Jared (Available profiles: Jared)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
Winlogon\Notify\PFW: C:\Windows\system32\UmxWnp.Dll (CA)
S3 CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [214256 2009-09-05] (CA, Inc.)
S2 UmxCfg; "C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [X]
S2 UMxFwHlp; "C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe" [X]
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cafwc" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\capfasem" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cctray" /f
2014-10-29 21:17 - 2009-09-05 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
C:\Program Files\CA
EmptyTemp:
end
*****************
 
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW" => Key deleted successfully.
CaCCProvSP => Service deleted successfully.
UmxCfg => Service deleted successfully.
UMxFwHlp => Service deleted successfully.
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cafwc" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\capfasem" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cctray" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA => Moved successfully.
C:\Program Files\CA => Moved successfully.
EmptyTemp: => Removed 161.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/19/2014
Scan Time: 9:49:34 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.19.05
Rootkit Database: v2014.11.18.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Jared
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316628
Time Elapsed: 13 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
C:\AdwCleaner\Quarantine\C\Program Files\AskBarDis\bar\bin\askBar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskBarDis\bar\bin\askPopStp.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Jared\AppData\Roaming\VOPackage\runasu.exe.vir Win32/VOPackage.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jared\AppData\Roaming\VOPackage\Uninstall.exe.vir Win32/VOPackage.J potentially unwanted application
C:\FRST\Quarantine\C\Program Files\AskBarDis\bar\bin\askBar.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Program Files\AskBarDis\bar\bin\askPopStp.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
 
 
 
 

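The ESET lines in the post above are all under C:\AdwCleaner\Quarantine and C:\FRST\Quarantine, which is where AdwCleaner and FRST park what they move ("Moved successfully" in the Fixlog). A second scanner will flag those copies even though they no longer run. The script below is an added example, not part of the thread or of ESET's tooling: it parses detection lines in the format pasted above and separates already-quarantined copies from anything still live. The sample log is constructed from the thread's lines plus one made-up live detection (placeholder path and detection name) so both branches are exercised.

```powershell
# Added example, not from the thread: classify ESET Online Scanner detections by whether the
# flagged file already sits in a removal tool's quarantine folder (C:\AdwCleaner\Quarantine,
# C:\FRST\Quarantine). Detections there are copies the tools already moved out of the way;
# anything elsewhere is still live and needs a look.

# Constructed sample: the first two lines follow the format pasted in the thread; the third is a
# made-up live detection (placeholder path and detection name) so both branches are exercised.
$sampleLog = @'
C:\AdwCleaner\Quarantine\C\Program Files\AskBarDis\bar\bin\askBar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Program Files\AskBarDis\bar\bin\askPopStp.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Example\AppData\Roaming\ExampleTool\helper.exe Win32/Example.A potentially unwanted application
'@

function ConvertFrom-EsetLine {
    param([string]$Line)
    # The path (which may contain spaces) is followed by a detection name containing a '/'
    # (e.g. Win32/...), optionally prefixed with "a variant of", then the classification text.
    $pattern = '^(?<path>.+?)\s+(?<detection>(?:a variant of )?[A-Za-z0-9]+/\S+)\s+(?<class>.+)$'
    if (-not ($Line -match $pattern)) { return }
    $path = $Matches['path']
    if ($path -match '\\(AdwCleaner|FRST)\\Quarantine\\') {
        $status = 'already quarantined'
    } else {
        $status = 'LIVE - review'
    }
    # New-Object rather than [PSCustomObject] so this also runs on the PowerShell 2.0 shipped for Vista.
    New-Object PSObject -Property @{
        Status    = $status
        Detection = $Matches['detection']
        Class     = $Matches['class']
        Path      = $path
    }
}

function Get-EsetSummary {
    param([string]$LogText)
    $LogText -split "`r?`n" | Where-Object { $_.Trim() } | ForEach-Object { ConvertFrom-EsetLine $_ }
}

$results = Get-EsetSummary $sampleLog
$results | Format-Table Status, Detection, Class, Path -AutoSize
$live = @($results | Where-Object { $_.Status -ne 'already quarantined' })
"Live detections needing review: $($live.Count)"
```

Run it against a real export by replacing $sampleLog with Get-Content on the saved ESET text file (joined with "`n"). A detection marked LIVE is the one worth reporting back; the quarantined copies can simply be cleared by emptying the tools' quarantine folders once the machine is confirmed clean.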

#82
Twins_1997
    Member
  • Topic Starter
  • Member
  • 58 posts

First, one quick note on Malwarebytes:  my friend wound up purchasing a subscription back in August before she called me for assistance.  It runs on start-up.  I have also installed Avast, so both are always running.  I'm not sure whether or not this is overkill, but since this is the second time that her computer has had some infections (a different friend helped her out the last time; perhaps this instance was remnants of the last one, or perhaps it was a new infection; he's not someone I'm acquainted with so I can't ask), a little overkill probably isn't a bad thing.  I've been telling her things to watch out for and not to click on, and hopefully that will help.  Anyway, the first time I tried to run Malwarebytes this AM, I got a short message saying that the system had too many 16-bit files open, and couldn't run the program, and suggested that I increase the "Files= " line in some file (I'm guessing that it's in config.sys, or at least that's where it would have been back in my DOS days...).  Anyway, the computer then shut itself off -- no reboot, just complete off.

 

I rebooted, didn't open Chrome that time, closed out the HP Advisor program, and tried again, and Malwarebytes ran fine that time.

 

In general, we're not getting any strange behavior, except for an occasional refusal on the computer's part to awake from sleep mode.  No amount of coercion, sweet talk, or sledge hammering works, and the only option seems to be completely unplugging it, clearing the capacitors (by that I mean just turning it off and on, unplugged a couple of times -- not sure what that is actually called...), and turning it back on.  That's never fun, because between Avast, Malwarebytes, HP Advisor, and various other update checks, it can take about five minutes before the computer is ready to run with any appreciable speed.  I will probably remove HP Advisor from start-up, and take a look at whether there's any other bloatware that can go.  But at least we have no pop-ups, redirects, or other suspicious stuff going on.



#83
LiquidTension
    Instructor
  • GeekU Moderator
  • 1,064 posts

Hi Julie, 
 
Those logs look good. At this point, I believe any remaining issues can be attributed to non-malware issues. 
 

I'm not sure whether or not this is overkill

Running avast! with Malwarebytes Anti-Malware Premium is fine, and not something I would consider overkill.
 

I've been telling her things to watch out for and not to click on, and hopefully that will help.

I will provide a list of recommended reading material and programmes that should help reduce the risk of reinfection.
 

except for an occasional refusal on the computer's part to awake from sleep mode.

This is a common occurrence. Have a read of the article below, and see if it helps.
http://support.microsoft.com/kb/266283
 

it can take about five minutes before the computer is ready to run with any appreciable speed.

Please do the following, and let me know how you get on. 
 
Clean Boot

  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the General tab, click Selective Startup.
  • Remove the checkmark next to Load startup items.
  • Click the Services tab.
  • Place a checkmark next to Hide all Microsoft services.
  • Click Disable all, followed by OK.
  • When prompted, click Restart and boot normally into Windows.
  • Check your computer startup performance.

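The Clean Boot steps above toggle the same auto-start locations that the FRST fixlist in STEP 1 edited by hand (a Winlogon\Notify package, orphaned services whose binaries FRST marked [X], and entries in the msconfig startupreg store). The script below is an added example, written for this thread rather than taken from it or from any of the tools mentioned: a read-only inventory of those locations plus the Run/RunOnce keys, so you can see what loads at boot and whether any leftover points at a file that is no longer on disk. One assumption is labelled in the code: "non-Microsoft" is approximated by the service binary's CompanyName, which is close to, but not the same as, msconfig's "Hide all Microsoft services" filter.

```powershell
# Added example, not from the thread: read-only inventory of the auto-start locations behind the
# Clean Boot steps (msconfig's Startup and Services tabs) plus the two locations the FRST fixlist
# edited (Winlogon\Notify and the msconfig startupreg store). Nothing is changed.
# Assumption: "non-Microsoft" is approximated by the service binary's CompanyName.

function Get-RunEntries {
    # Run/RunOnce values for the machine and the current user (what msconfig's Startup tab lists).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{ Location = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

function Get-WinlogonNotify {
    # Notification packages loaded into winlogon.exe at logon; the fixlist removed the CA "PFW" entry here.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (-not (Test-Path $key)) { return }
    Get-ChildItem $key | ForEach-Object {
        New-Object PSObject -Property @{ Name = $_.PSChildName; Dll = $_.GetValue('DLLName') }
    }
}

function Get-MsconfigDisabledStartup {
    # Items unticked in msconfig are parked here rather than deleted, so they survive an uninstall.
    $key = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    if (-not (Test-Path $key)) { return }
    Get-ChildItem $key | ForEach-Object {
        New-Object PSObject -Property @{ Name = $_.PSChildName; Command = $_.GetValue('command') }
    }
}

function Get-ServiceBinary {
    param([string]$PathName)
    # Reduce '"C:\Program Files\x\y.exe" -arg' or 'C:\Windows\system32\svchost.exe -k netsvcs' to the .exe path.
    if (-not $PathName) { return $null }
    $exe = $PathName
    if ($PathName.StartsWith('"')) {
        $end = $PathName.IndexOf('"', 1)
        if ($end -gt 0) { $exe = $PathName.Substring(1, $end - 1) }
    } else {
        $m = [regex]::Match($PathName, '^(.*?\.exe)', 'IgnoreCase')
        if ($m.Success) { $exe = $m.Groups[1].Value }
    }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-ThirdPartyServices {
    Get-WmiObject Win32_Service | ForEach-Object {
        $exe = Get-ServiceBinary $_.PathName
        $exists = $false
        $company = $null
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $exists = $true
            $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
        }
        # $null CompanyName (binary missing or unversioned) is kept, since that is exactly what needs review.
        if ($company -notmatch 'Microsoft') {
            New-Object PSObject -Property @{
                Name      = $_.Name
                StartMode = $_.StartMode
                State     = $_.State
                Missing   = -not $exists      # FRST flags these as [X]: still registered, binary gone
                Company   = $company
                Binary    = $exe
            }
        }
    }
}

'== Run/RunOnce entries ==';               Get-RunEntries | Format-Table Location, Name, Command -AutoSize
'== Winlogon\Notify packages ==';          Get-WinlogonNotify | Format-Table Name, Dll -AutoSize
'== Startup items parked by msconfig =='; Get-MsconfigDisabledStartup | Format-Table Name, Command -AutoSize
'== Non-Microsoft services (Missing = binary not on disk) =='
Get-ThirdPartyServices | Sort-Object StartMode, Name | Format-Table Name, StartMode, State, Missing, Company, Binary -AutoSize
```

Run it once before and once after the Clean Boot restart and compare the two outputs: a service with Missing = True or a Notify DLL that no longer exists is an orphaned remnant, and an entry you do not recognise in the Run keys is the kind of thing to look up before re-enabling it in msconfig.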

#84
Twins_1997
    Member
  • Topic Starter
  • Member
  • 58 posts

Okay, thanks, Adam.  It will probably be Wednesday again before I'm able to get onto her computer again, but I'll give that a try. 

And thank you so much for all of your help and your patience.



#85
LiquidTension
    Instructor
  • GeekU Moderator
  • 1,064 posts

Hi Julie, 

 

Do you still require assistance?



#86
LiquidTension
    Instructor
  • GeekU Moderator
  • 1,064 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.