Daughter's laptop running extremely slow and popups [Closed]

  • This topic is locked

#1
busymomof4kids

  • Member
  • 39 posts

If someone could help, my daughter's laptop is running extremely slow and is having a lot of popups. Any help would be greatly appreciated.

Thank you

Tracy



#2
23red

  • Trusted Helper
  • Malware Removal
  • 1,797 posts

Hi busymomof4kids :)

I'm 23red, and it'll be my pleasure to assist you with your problem.

Please keep these guidelines in mind as we proceed:

•  Please make sure to carefully read every post completely before doing anything.
•  If you're not sure, or if something unexpected happens, do not continue! Stop and ask! It is not a problem.
•  Please do not run any other scans or other software on your computer unless asked, as it may make this repair more difficult.
•  Please stick with me until all malware is gone from your system. Malware removal is not an instant process; just because you no longer see any symptoms, it does not necessarily mean your system is completely clear.
•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
•  Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers. As such, there will likely be a delay between posts. I do my best to respond as quickly as I can. I, like everyone else here, am also a volunteer and sometimes life keeps me busy ;)
•  Thank you for your understanding and I appreciate your patience.

Let's do this so we can have a look:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
busymomof4kids

  • Topic Starter
  • Member
  • 39 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Sarah (administrator) on SARAH-HP on 12-09-2014 11:34:06
Running from C:\Users\Sarah\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\ccsvchst.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Whilokii\updateWhilokii.exe
() C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\ccsvchst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Whilokii\bin\Whilokii.PurBrowse64.exe
() C:\Program Files (x86)\Whilokii\bin\Whilokii.BrowserAdapter.exe
() C:\Program Files (x86)\Whilokii\bin\Whilokii.BrowserAdapter64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Temp\GoogleUpdateSetup.exe5aa832
(Google Inc.) C:\Users\Sarah\AppData\Local\Temp\GUM3716.tmp\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\symerr.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sarah\Downloads\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-09-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\Run: [Google Update] => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-25] (Google Inc.)
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [37904960 2013-04-02] (ooVoo LLC)
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\MountPoints2: {9581de0b-ea57-11e1-a685-806e6f6e6963} - G:\setup.exe -a
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM - {E59F3F0D-2F9A-41DB-BB93-898062EAD357} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-19 10:27:27&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: GreatArcadeHits Add-on -> {D0C21091-FF8E-432C-9006-0540E81BA9D7} -> C:\Users\Sarah\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn [2013-04-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-09-12]
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\Sarah\AppData\Local\GreatArcadeHits\gahff.xpi
FF Extension: GreatArcadeHits Add-on - C:\Users\Sarah\AppData\Local\GreatArcadeHits\gahff.xpi [2013-08-14]
FF Extension: No Name - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\[email protected] [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-19 10:27:27&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-19 10:27:27&v=18.1.7.598&pid=safeguard&sg=0&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSearchProvider: Default -> AVG Secure Search
CHR DefaultSearchURL: Default -> http://mysearch.avg.com/search?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-19 10:27:27&v=17.0.0.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://toolbar.avg.c...earchTerms}&o=1
CHR Profile: C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15]
CHR Extension: (Google Drive) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-06-27]
CHR Extension: (YouTube) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google Search) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (Skype Click to Call) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-02-18]
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (GreatArcadeHits) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2013-10-19]
CHR Extension: (Gmail) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR StartMenuInternet: Google Chrome - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-17] (Advanced Micro Devices, Inc.) [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [323352 2014-09-12] ()
R2 Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [323352 2014-09-12] ()
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-09-12] (AVG Secure Search)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-12] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-24] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130927.002\IDSvia64.sys [520280 2013-08-25] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130927.018\ENG64.SYS [126040 2013-09-02] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130927.018\EX64.SYS [2099288 2013-09-02] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R1 {fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64; C:\Windows\System32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys [61112 2014-06-09] (StdLib)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 11:32 - 2014-09-12 11:33 - 02105856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64 (2).exe
2014-09-12 10:44 - 2014-09-12 11:36 - 00026524 _____ () C:\Users\Sarah\Downloads\FRST.txt
2014-09-12 10:43 - 2014-09-12 11:34 - 00000000 ____D () C:\FRST
2014-09-12 10:42 - 2014-09-12 10:42 - 02105856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64.exe
2014-09-12 10:42 - 2014-09-12 10:42 - 02105856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64 (1).exe
2014-09-12 10:41 - 2014-09-12 10:41 - 01097728 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe
2014-09-12 10:39 - 2014-09-12 10:39 - 00003304 _____ () C:\Windows\System32\Tasks\PCHB_WaitAndStartAfter
2014-09-12 10:38 - 2014-09-12 10:38 - 00001078 _____ () C:\Users\Public\Desktop\PC HealthBoost.lnk
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\Program Files (x86)\PC HealthBoost
2014-09-12 10:35 - 2014-09-12 10:36 - 03079136 _____ (BoostSoftware Inc. ) C:\Users\Sarah\Downloads\PCHealthBoost-Setup.exe
2014-09-12 09:51 - 2014-09-12 09:51 - 00003480 ____N () C:\bootsqm.dat
2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 __SHD () C:\found.000
2014-09-12 09:07 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 09:07 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 09:07 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-12 09:07 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 09:02 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 09:02 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-12 09:02 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-12 09:02 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-12 08:48 - 2014-09-12 08:48 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 11:37 - 2011-12-25 13:37 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9603BC86-A81E-4F00-97E9-24E3BAAE7AF6}
2014-09-12 11:36 - 2014-09-12 10:44 - 00026524 _____ () C:\Users\Sarah\Downloads\FRST.txt
2014-09-12 11:35 - 2011-08-21 10:06 - 00430807 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 11:34 - 2014-09-12 10:43 - 00000000 ____D () C:\FRST
2014-09-12 11:33 - 2014-09-12 11:32 - 02105856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64 (2).exe
2014-09-12 11:24 - 2013-10-19 10:24 - 00000292 _____ () C:\Windows\Tasks\DigitalSite.job
2014-09-12 11:12 - 2011-12-25 13:53 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA.job
2014-09-12 10:51 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 10:51 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 10:42 - 2014-09-12 10:42 - 02105856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64.exe
2014-09-12 10:42 - 2014-09-12 10:42 - 02105856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64 (1).exe
2014-09-12 10:41 - 2014-09-12 10:41 - 01097728 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe
2014-09-12 10:39 - 2014-09-12 10:39 - 00003304 _____ () C:\Windows\System32\Tasks\PCHB_WaitAndStartAfter
2014-09-12 10:38 - 2014-09-12 10:38 - 00001078 _____ () C:\Users\Public\Desktop\PC HealthBoost.lnk
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\Program Files (x86)\PC HealthBoost
2014-09-12 10:36 - 2014-09-12 10:35 - 03079136 _____ (BoostSoftware Inc. ) C:\Users\Sarah\Downloads\PCHealthBoost-Setup.exe
2014-09-12 10:12 - 2011-12-25 13:53 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core.job
2014-09-12 10:07 - 2011-12-25 13:53 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA
2014-09-12 10:07 - 2011-12-25 13:53 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core
2014-09-12 10:01 - 2009-07-14 01:13 - 00006426 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 09:55 - 2009-07-13 22:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-12 09:53 - 2012-01-04 23:37 - 00000000 ____D () C:\ProgramData\Kodak
2014-09-12 09:52 - 2013-10-19 10:24 - 00000000 ____D () C:\Program Files (x86)\Whilokii
2014-09-12 09:52 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 09:52 - 2009-07-14 00:51 - 00081625 _____ () C:\Windows\setupact.log
2014-09-12 09:51 - 2014-09-12 09:51 - 00003480 ____N () C:\bootsqm.dat
2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 __SHD () C:\found.000
2014-09-12 09:18 - 2014-06-30 00:38 - 00000000 ____D () C:\da7b97d4a0d433610240e4
2014-09-12 08:56 - 2013-10-19 10:25 - 00000276 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-09-12 08:52 - 2013-10-19 10:26 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-09-12 08:48 - 2014-09-12 08:48 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-09-12 08:46 - 2013-08-02 16:32 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\HpUpdate
2014-09-12 08:45 - 2013-10-26 20:23 - 00001350 _____ () C:\Users\Sarah\Desktop\Clean Registry for Free!.lnk
2014-09-12 08:45 - 2013-10-19 10:25 - 00000272 _____ () C:\Windows\Tasks\GreatArcadeHits.job
2014-09-12 08:43 - 2013-10-19 11:24 - 00000143 _____ () C:\Users\Sarah\AppData\Roaming\WB.CFG
2014-09-12 08:42 - 2013-10-19 10:27 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-01-13 19:42
 
==================== End Of Log ============================

#4
busymomof4kids

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Sarah at 2014-09-12 11:38:16
Running from C:\Users\Sarah\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0616.2209.37946 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60616.2211 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0616.2209.37946 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{72927D2A-ADEF-786D-91E3-06CEFD60D107}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0616.2209.37946 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0616.2209.37946 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0616.2209.37946 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help English (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help French (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help German (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0616.2208.37946 - ATI) Hidden
ccc-utility64 (Version: 2011.0616.2209.37946 - ATI) Hidden
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.4119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2012.11.9.0 - ) <==== ATTENTION
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 1.0.057 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{00A42832-B21A-4296-B5F4-D296D0BC4A3E}) (Version: 2.6.3 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (x32 Version: 4.0.3205.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 20.5.0.28 - Symantec Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.7046 - ooVoo LLC.)
Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
[email protected] (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PC HealthBoost 3.0.5 (HKLM-x32\...\PCHealthBoost_is1) (Version: 3.0.5 - Boost Software Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.07.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Zip Extractor (HKCU\...\DigitalSite) (Version:  - ) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Whilokii 1.0.0 (HKLM\...\Whilokii) (Version: 1.0.0 - Whilokii) <==== ATTENTION
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2789968882-3570388344-1764720213-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2789968882-3570388344-1764720213-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2789968882-3570388344-1764720213-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
19-10-2013 07:00:22 Windows Update
20-10-2013 07:00:26 Windows Update
24-10-2013 17:33:40 Installed Java 7 Update 45
25-10-2013 07:02:26 Windows Update
08-01-2014 01:02:57 Windows Update
08-01-2014 15:59:32 Windows Update
09-03-2014 14:08:36 Windows Update
31-05-2014 19:49:19 Windows Update
31-05-2014 19:54:57 Installed Java 7 Update 60
12-09-2014 12:54:06 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-10-15 11:16 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {23C99716-438E-483F-BB05-277C3A9BF959} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {34C50D24-EA8F-4286-9788-4637B82CB11F} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {5882B356-E4D2-4A0E-AF40-110DD9C7817C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {5E601138-2C69-46BB-BB66-A45744F6450A} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5EF799C5-E02C-4E8C-95B3-99C79A9F14B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25] (Google Inc.)
Task: {8457E2CE-A566-42CD-B1E7-B1E78D299566} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc) <==== ATTENTION
Task: {91B6E374-DDC0-4DEF-80C0-D784F26CEE72} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc) <==== ATTENTION
Task: {91DE14E4-BF4D-45F6-B36B-D3DC51F58C26} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {96BF8A59-FA09-4DE7-997B-0076E665918B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {9E857B23-8BF9-4634-A56C-AE82C4D5D29D} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2012-11-09] (Trusted Software ApS) <==== ATTENTION
Task: {A8197B8C-C993-4FC7-8667-553022A1D991} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc) <==== ATTENTION
Task: {C2A83697-7519-402A-80BD-BED9DF09BE05} - System32\Tasks\PCHB_WaitAndStartAfter => \PCHealthBoost.exe
Task: {E85A7901-16E7-44DE-AB8F-F0B49C0B0151} - System32\Tasks\GreatArcadeHits => C:\Users\Sarah\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2013-08-14] () <==== ATTENTION
Task: {E955B2F0-FEB9-4998-9B09-F68CC7F24D4C} - System32\Tasks\0414cUpdateInfo => C:\ProgramData\Avg_Update_0414c\0414c_{3483784A-BBF1-40C0-811B-73E239A6D24F}.exe [2014-05-31] ()
Task: {EB124D1E-3B79-45E6-B479-04894E72DB69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25] (Google Inc.)
Task: {F930284D-7017-47D9-9C53-BA93ECDFB061} - System32\Tasks\DigitalSite => C:\Users\Sarah\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {FE92BB01-FDDA-4DC4-BA8A-30B4D227F1A0} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2012-11-09] (                                                            ) <==== ATTENTION
Task: C:\Windows\Tasks\0414cUpdateInfo.job => C:\ProgramData\Avg_Update_0414c\0414c_{3483784A-BBF1-40C0-811B-73E239A6D24F}.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Sarah\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GreatArcadeHits.job => C:\Users\Sarah\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-17 01:20 - 2011-06-17 01:20 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-04 21:05 - 2014-09-12 08:44 - 00323352 _____ () C:\Program Files (x86)\Whilokii\updateWhilokii.exe
2013-10-20 17:26 - 2014-09-12 08:48 - 00323352 _____ () C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
2014-09-12 08:58 - 2014-09-12 08:42 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2013-09-19 18:37 - 2013-09-19 18:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-19 18:32 - 2013-09-19 18:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-10-19 10:26 - 2014-09-12 08:42 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-09-12 09:55 - 2014-09-05 14:57 - 00287000 _____ () C:\Program Files (x86)\Whilokii\bin\Whilokii.PurBrowse64.exe
2014-06-27 11:33 - 2014-09-11 19:47 - 00098584 _____ () C:\Program Files (x86)\Whilokii\bin\Whilokii.BrowserAdapter.exe
2014-09-12 08:42 - 2014-09-11 19:47 - 00114968 _____ () C:\Program Files (x86)\Whilokii\bin\Whilokii.BrowserAdapter64.exe
2011-06-17 01:20 - 2011-06-17 01:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-06-17 01:08 - 2011-06-17 01:08 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 16:42 - 2011-06-17 16:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-12 08:58 - 2014-09-12 08:42 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-05-31 16:04 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON SECURITY SUITE\ENGINE\20.5.0.28\wincfi39.dll
2009-04-16 14:02 - 2009-04-16 14:02 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-03-09 10:51 - 2014-03-01 22:35 - 00051016 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-09-12 08:42 - 2014-09-11 19:47 - 00195352 _____ () C:\Program Files (x86)\Whilokii\bin\fed5e6b24fc443ba8e95.dll
2014-03-09 10:51 - 2014-03-01 22:35 - 00716616 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-09 10:51 - 2014-03-01 22:35 - 00100168 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-09 10:51 - 2014-03-01 22:35 - 04061000 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-09 10:52 - 2014-03-01 22:35 - 00394568 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-09 10:51 - 2014-03-01 22:35 - 01647432 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-03-09 10:52 - 2014-03-01 22:35 - 13632840 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2014 11:15:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64 (1).exe version 10.9.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1094
 
Start Time: 01cfce97e3af9b3f
 
Termination Time: 60000
 
Application Path: C:\Users\Sarah\Downloads\FRST64 (1).exe
 
Report Id: 42b806fd-3a8f-11e4-ac53-441ea1c678e2
 
Error: (09/12/2014 10:29:46 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile.
 
Error: (09/12/2014 10:29:46 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (09/12/2014 10:29:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (09/12/2014 10:29:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (09/12/2014 10:01:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (09/12/2014 10:01:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (09/12/2014 09:54:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/12/2014 09:53:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 24.1.168.192.in-addr.arpa. PTR Sarah-HP.local.
 
Error: (09/12/2014 09:53:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.24:5353   18 24.1.168.192.in-addr.arpa. PTR Sarah-HP-2.local.
 
 
System errors:
=============
Error: (09/12/2014 10:03:39 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer HOME-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6C4E4336-ADC9-44E9-B695-60D3071EA01D}.
The master browser is stopping or an election is being forced.
 
Error: (09/12/2014 09:58:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
%%2
 
Error: (09/12/2014 09:53:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (09/12/2014 09:53:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
 
Error: (09/12/2014 09:52:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:39:28 AM on ‎9/‎12/‎2014 was unexpected.
 
Error: (09/12/2014 09:38:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4.5.1 for Windows 7 x64-based Systems (KB2858725).
 
Error: (09/12/2014 09:38:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/12/2014 08:51:41 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer HOME-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6C4E4336-ADC9-44E9-B695-60D3071EA01D}.
The master browser is stopping or an election is being forced.
 
Error: (09/12/2014 08:46:47 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (09/12/2014 08:46:46 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
 
Microsoft Office Sessions:
=========================
Error: (09/12/2014 11:15:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64 (1).exe10.9.2014.0109401cfce97e3af9b3f60000C:\Users\Sarah\Downloads\FRST64 (1).exe42b806fd-3a8f-11e4-ac53-441ea1c678e2
 
Error: (09/12/2014 10:29:46 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile.
 
Error: (09/12/2014 10:29:46 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (09/12/2014 10:29:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (09/12/2014 10:29:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (09/12/2014 10:01:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (09/12/2014 10:01:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (09/12/2014 09:54:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/12/2014 09:53:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 24.1.168.192.in-addr.arpa. PTR Sarah-HP.local.
 
Error: (09/12/2014 09:53:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.24:5353   18 24.1.168.192.in-addr.arpa. PTR Sarah-HP-2.local.
 
 
==================== Memory info =========================== 
 
Processor: AMD C-50 Processor
Percentage of memory in use: 88%
Total physical RAM: 1642.91 MB
Available physical RAM: 196.83 MB
Total Pagefile: 3397.81 MB
Available Pagefile: 1052.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:214.16 GB) (Free:154.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.56 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 16CC72E1)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=214.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================


#5
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi busymomof4kids :)

 

Thank you for the logs, I'm about finished going through them and preparing a fix for you.  If you click on the Follow this Topic button at the top of this page, you'll be notified by email when a post is made for you here. 

I'm going as quick as I can!  Thank you for your patience, it shouldn't be too much longer ;)



#6
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Tracy :)

 

Welcome!

 

Thank you again for the logs :)

There is a bit of junk on the computer that would actually cause the described symptoms ;)

 

Norton Security Suite is outdated and off, Windows Defender is not enabled.  Therefore you have no enabled protection.

Best to keep surfing on the internet to a minimum until you're protected.

 

When you return, please let me know if you'd like to keep Norton Security Suite or use Windows Defender and Windows Firewall, either of which are fine for Windows 7.
We'll get that properly set up then.

Also, we'll do some work on Chrome to clean it out.

 

 

In the meantime, let's clean up!

Before we get started, FRST needs to be on the Desktop.

 
It is currently located at C:\Users\Sarah\Downloads
Please cut and paste it onto the Desktop <~ Very important! 
It needs to be there for the fix to work correctly.

 

 

Please let me know how it runs after these steps:

 

 

Step 1
Uninstalls

 
Please go to Start ~> Control Panel ~> Programs and Features and uninstall each of the following if found:

 

AVG SafeGuard toolbar
Coupon Printer for Windows
File Type Assistant
GreatArcadeHits
Java 7 Update 45
MyPC Backup
RegClean Pro
Update for Zip Extractor
Whilokii 1.0.0
Zip Extractor Packages

 

 

Step 2
FRST Fix

 

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   8.18KB   165 downloads

 

 

Step 3
ADWCleaner

 

1.  Please download AdwCleaner from this link to your Desktop.

 

To Download to the Desktop do the following:

 

When the Download window pops up on the bottom of your screen first click the arrow button

 


 

Then click Save As


 

Then choose Desktop from the left side panel.

 


 

This will set ADWCleaner to your Desktop.

 

•  If it happens to save to another location, right click the ADWCleaner icon and select Cut then right click on Desktop and select Paste.

 

2.  Right click the AdwCleaner icon on your Desktop, choose Run as Administrator.

 

3.  Accept UAC prompt.

 

4.  Accept AdwCleaner's Terms of Use.  The AdwCleaner window then opens.

 

5.  Click on the Scan button and wait for the scan to finish.

 

6.  After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending..... Please uncheck elements you don't want to remove. Please check to be sure no good items accidentally got picked up.

 

7.  Once that is complete, click the Clean button.

 

8.  Once it has finished Cleaning, click the Report button to get the log.

 

9.  Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.

 

 

Step 4
Fresh FRST Log

 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

     

  • Press Scan button.

     

  • It will produce a log called FRST.txt in the same directory the tool is run from.

     

  • Please copy and paste log back here.

Step 5
Post!

When you return, please post:

1. FRST fix log
2. ADWCleaner.txt
3. Fresh FRST log

4. Let me know how the computer is running now

 

Thank you :)

 

 

 

 



#7
busymomof4kids


    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

FIXLOG

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Sarah at 2014-09-15 15:12:07 Run:1
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start:
() C:\Program Files (x86)\Whilokii\updateWhilokii.exe
() C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
C:\Program Files (x86)\Whilokii
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\Common Files\AVG Secure Search
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\MyPC Backup
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\AVG SafeGuard toolbar
(Google Inc.) C:\Users\Sarah\AppData\Local\Temp\GoogleUpdateSetup.exe5aa832
C:\Users\Sarah\AppData\Local\Temp\GoogleUpdateSetup.exe5aa832
(Google Inc.) C:\Users\Sarah\AppData\Local\Temp\GUM3716.tmp\GoogleUpdate.exe
C:\Users\Sarah\AppData\Local\Temp\GUM3716.tmp
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Mobogenie
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-09-12] ()
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\MountPoints2: {9581de0b-ea57-11e1-a685-806e6f6e6963} - G:\setup.exe -a
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM - {E59F3F0D-2F9A-41DB-BB93-898062EAD357} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-19 10:27:27&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms} 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-09-12]
FF Extension: No Name - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\[email protected] [Not Found]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [323352 2014-09-12] ()
R2 Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [323352 2014-09-12] ()
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-09-12] (AVG Secure Search)
R1 {fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64; C:\Windows\System32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys [61112 2014-06-09] (StdLib)
C:\Windows\System32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys
2014-09-12 08:48 - 2014-09-12 08:48 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-09-12 11:35 - 2011-08-21 10:06 - 00430807 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 11:37 - 2011-12-25 13:37 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9603BC86-A81E-4F00-97E9-24E3BAAE7AF6}
2014-09-12 11:24 - 2013-10-19 10:24 - 00000292 _____ () C:\Windows\Tasks\DigitalSite.job
2014-09-12 09:52 - 2013-10-19 10:24 - 00000000 ____D () C:\Program Files (x86)\Whilokii
2014-09-12 09:18 - 2014-06-30 00:38 - 00000000 ____D () C:\da7b97d4a0d433610240e4
2014-09-12 08:56 - 2013-10-19 10:25 - 00000276 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-09-12 08:52 - 2013-10-19 10:26 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-09-12 08:48 - 2014-09-12 08:48 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-09-12 08:45 - 2013-10-26 20:23 - 00001350 _____ () C:\Users\Sarah\Desktop\Clean Registry for Free!.lnk
2014-09-12 08:42 - 2013-10-19 10:27 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2012.11.9.0 - ) <==== ATTENTION
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Whilokii 1.0.0 (HKLM\...\Whilokii) (Version: 1.0.0 - Whilokii) <==== ATTENTION
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION
Task: {8457E2CE-A566-42CD-B1E7-B1E78D299566} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc) <==== ATTENTION
Task: {91B6E374-DDC0-4DEF-80C0-D784F26CEE72} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc) <==== ATTENTION
Task: {9E857B23-8BF9-4634-A56C-AE82C4D5D29D} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2012-11-09] (Trusted Software ApS) <==== ATTENTION
Task: {A8197B8C-C993-4FC7-8667-553022A1D991} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc) <==== ATTENTION
Task: {E85A7901-16E7-44DE-AB8F-F0B49C0B0151} - System32\Tasks\GreatArcadeHits => C:\Users\Sarah\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2013-08-14] () <==== ATTENTION
Task: {E955B2F0-FEB9-4998-9B09-F68CC7F24D4C} - System32\Tasks\0414cUpdateInfo => C:\ProgramData\Avg_Update_0414c\0414c_{3483784A-BBF1-40C0-811B-73E239A6D24F}.exe [2014-05-31] ()
Task: {F930284D-7017-47D9-9C53-BA93ECDFB061} - System32\Tasks\DigitalSite => C:\Users\Sarah\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {FE92BB01-FDDA-4DC4-BA8A-30B4D227F1A0} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2012-11-09] () <==== ATTENTION
Task: C:\Windows\Tasks\0414cUpdateInfo.job => C:\ProgramData\Avg_Update_0414c\0414c_{3483784A-BBF1-40C0-811B-73E239A6D24F}.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Sarah\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GreatArcadeHits.job => C:\Users\Sarah\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
emptytemp:
end
 
*****************
 
Start: => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Whilokii\updateWhilokii.exe => No running process found
C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe => No running process found
"C:\Program Files (x86)\Whilokii" => File/Directory not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => No running process found
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Directory not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => No running process found
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Directory not found.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => No running process found
C:\Program Files (x86)\MyPC Backup => Moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe => No running process found
"C:\Program Files (x86)\AVG SafeGuard toolbar" => File/Directory not found.
C:\Users\Sarah\AppData\Local\Temp\GoogleUpdateSetup.exe5aa832 => No running process found
C:\Users\Sarah\AppData\Local\Temp\GoogleUpdateSetup.exe5aa832 => Moved successfully.
C:\Users\Sarah\AppData\Local\Temp\GUM3716.tmp\GoogleUpdate.exe => No running process found
"C:\Users\Sarah\AppData\Local\Temp\GUM3716.tmp" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
"C:\Program Files (x86)\Mobogenie" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
"HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9581de0b-ea57-11e1-a685-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{9581de0b-ea57-11e1-a685-806e6f6e6963}" => Key not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E59F3F0D-2F9A-41DB-BB93-898062EAD357}" => Key deleted successfully.
"HKCR\CLSID\{E59F3F0D-2F9A-41DB-BB93-898062EAD357}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key not found.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\searchplugins\safeguard-secure-search.xml => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 not found.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\[email protected] not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
BackupStack => Service not found.
Update Whilokii => Service not found.
Util Whilokii => Service not found.
vToolbarUpdater18.1.9 => Service not found.
{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64 => Service stopped successfully.
{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64 => Service deleted successfully.
C:\Windows\System32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys => Moved successfully.
"C:\Windows\System32\Tasks\RegClean Pro" => File/Directory not found.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
C:\Windows\System32\Tasks\User_Feed_Synchronization-{9603BC86-A81E-4F00-97E9-24E3BAAE7AF6} => Moved successfully.
C:\Windows\Tasks\DigitalSite.job => Moved successfully.
"C:\Program Files (x86)\Whilokii" => File/Directory not found.
C:\da7b97d4a0d433610240e4 => Moved successfully.
"C:\Windows\Tasks\RegClean Pro_DEFAULT.job" => File/Directory not found.
"C:\Program Files (x86)\AVG SafeGuard toolbar" => File/Directory not found.
"C:\Windows\System32\Tasks\RegClean Pro" => File/Directory not found.
"C:\Users\Sarah\Desktop\Clean Registry for Free!.lnk" => File/Directory not found.
"C:\Windows\system32\Drivers\avgtpx64.sys" => File/Directory not found.
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2012.11.9.0 - ) <==== ATTENTION => Error: No automatic fix found for this entry.
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION => Error: No automatic fix found for this entry.
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION => Error: No automatic fix found for this entry.
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION => Error: No automatic fix found for this entry.
Whilokii 1.0.0 (HKLM\...\Whilokii) (Version: 1.0.0 - Whilokii) <==== ATTENTION => Error: No automatic fix found for this entry.
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8457E2CE-A566-42CD-B1E7-B1E78D299566}" => Key not found.
C:\Windows\System32\Tasks\RegClean Pro_UPDATES not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91B6E374-DDC0-4DEF-80C0-D784F26CEE72}" => Key not found.
C:\Windows\System32\Tasks\RegClean Pro_DEFAULT not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E857B23-8BF9-4634-A56C-AE82C4D5D29D}" => Key not found.
C:\Windows\System32\Tasks\ProgramUpdateCheck not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8197B8C-C993-4FC7-8667-553022A1D991}" => Key not found.
C:\Windows\System32\Tasks\RegClean Pro not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E85A7901-16E7-44DE-AB8F-F0B49C0B0151}" => Key not found.
C:\Windows\System32\Tasks\GreatArcadeHits not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E955B2F0-FEB9-4998-9B09-F68CC7F24D4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E955B2F0-FEB9-4998-9B09-F68CC7F24D4C}" => Key deleted successfully.
C:\Windows\System32\Tasks\0414cUpdateInfo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0414cUpdateInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F930284D-7017-47D9-9C53-BA93ECDFB061}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F930284D-7017-47D9-9C53-BA93ECDFB061}" => Key deleted successfully.
C:\Windows\System32\Tasks\DigitalSite => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE92BB01-FDDA-4DC4-BA8A-30B4D227F1A0}" => Key not found.
C:\Windows\System32\Tasks\ProgramRefresh-ATFST not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST" => Key not found.
C:\Windows\Tasks\0414cUpdateInfo.job => Moved successfully.
C:\Windows\Tasks\DigitalSite.job not found.
C:\Windows\Tasks\GreatArcadeHits.job not found.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job not found.
C:\Windows\Tasks\RegClean Pro_UPDATES.job not found.
EmptyTemp: => Removed 997.5 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-15 15:23:11)<=
 
C:\Windows\WindowsUpdate.log => Is moved successfully.
 
==== End of Fixlog ====

#8
busymomof4kids

Here are two of the logs.


Edited by busymomof4kids, 15 September 2014 - 01:59 PM.

#9
busymomof4kids

ADWCleaner log

 

# AdwCleaner v3.310 - Report created 15/09/2014 at 15:41:39
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sarah - SARAH-HP
# Running from : C:\Users\Sarah\Desktop\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\Sarah\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Sarah\AppData\Local\GreatArcadeHits
Folder Deleted : C:\Users\Sarah\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Sarah\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Sarah\Documents\Mobogenie
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Sarah\daemonprocess.txt
File Deleted : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\user.js
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.saltarsmart.biz_0.localstorage
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16540
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN28965888516356657&ctid=CT3303000&UM=2
Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&a=axl&q={searchTerms}
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7301375034184569&q={searchTerms}
Deleted [Search Provider] : hxxp://moneysavingmom.com/money-saving-mom-search-results?cx=007411191005105397513%3Aunk5vrqj0se&cof=FORID%3A11&ie=UTF-8&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [14067 octets] - [15/10/2013 11:33:42]
AdwCleaner[R1].txt - [6050 octets] - [15/09/2014 15:36:47]
AdwCleaner[S0].txt - [14082 octets] - [15/10/2013 11:39:46]
AdwCleaner[S1].txt - [6674 octets] - [15/09/2014 15:41:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6734 octets] ##########

#10
busymomof4kids

Fresh FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Sarah (administrator) on SARAH-HP on 15-09-2014 16:00:17
Running from C:\Users\Sarah\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\ccsvchst.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\ccsvchst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\Run: [Google Update] => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-25] (Google Inc.)
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Whilokii - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\Extensions\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}.xpi [2014-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2014-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn [2013-04-02]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-19 10:27:27&v=18.1.9.799&pid=safeguard&sg=0&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSearchProvider: Default -> AVG Secure Search
CHR DefaultSearchURL: Default -> http://mysearch.avg.com/search?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-19 10:27:27&v=17.0.0.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://toolbar.avg.c...earchTerms}&o=1
CHR Profile: C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-06-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Skype Click to Call) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-02-18]
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR StartMenuInternet: Google Chrome - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-24] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130927.002\IDSvia64.sys [520280 2013-08-25] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130927.018\ENG64.SYS [126040 2013-09-02] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130927.018\EX64.SYS [2099288 2013-09-02] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 16:00 - 2014-09-15 16:00 - 00019111 _____ () C:\Users\Sarah\Desktop\FRST.txt
2014-09-15 15:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-15 15:29 - 2014-09-15 15:30 - 01373475 _____ () C:\Users\Sarah\Desktop\AdwCleaner (1).exe
2014-09-15 15:24 - 2014-09-15 15:44 - 00047266 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 11:38 - 2014-09-12 11:42 - 00040573 _____ () C:\Users\Sarah\Downloads\Addition.txt
2014-09-12 11:32 - 2014-09-12 11:33 - 02105856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64 (2).exe
2014-09-12 10:44 - 2014-09-12 11:42 - 00034182 _____ () C:\Users\Sarah\Downloads\FRST.txt
2014-09-12 10:43 - 2014-09-15 16:00 - 00000000 ____D () C:\FRST
2014-09-12 10:42 - 2014-09-12 10:42 - 02105856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64 (1).exe
2014-09-12 10:42 - 2014-09-12 10:42 - 02105856 _____ (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2014-09-12 10:41 - 2014-09-12 10:41 - 01097728 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe
2014-09-12 10:39 - 2014-09-12 10:39 - 00003304 _____ () C:\Windows\System32\Tasks\PCHB_WaitAndStartAfter
2014-09-12 10:38 - 2014-09-12 10:38 - 00001078 _____ () C:\Users\Public\Desktop\PC HealthBoost.lnk
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\Program Files (x86)\PC HealthBoost
2014-09-12 10:35 - 2014-09-12 10:36 - 03079136 _____ (BoostSoftware Inc. ) C:\Users\Sarah\Downloads\PCHealthBoost-Setup.exe
2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 __SHD () C:\found.000
2014-09-12 09:07 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 09:07 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 09:07 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-12 09:07 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 09:05 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-12 09:05 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-12 09:05 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-12 09:05 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-12 09:05 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-12 09:05 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-12 09:02 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 09:02 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-12 09:02 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-12 09:02 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 16:02 - 2014-09-15 16:00 - 00019111 _____ () C:\Users\Sarah\Desktop\FRST.txt
2014-09-15 16:00 - 2014-09-12 10:43 - 00000000 ____D () C:\FRST
2014-09-15 15:58 - 2014-09-15 15:24 - 00047266 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 15:53 - 2009-07-14 01:13 - 00006426 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 15:53 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 15:53 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 15:45 - 2010-11-20 23:47 - 00457558 _____ () C:\Windows\PFRO.log
2014-09-15 15:45 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 15:45 - 2009-07-14 00:51 - 00081737 _____ () C:\Windows\setupact.log
2014-09-15 15:42 - 2013-10-15 11:29 - 00000000 ____D () C:\AdwCleaner
2014-09-15 15:41 - 2011-12-25 13:30 - 00000000 ____D () C:\Users\Sarah
2014-09-15 15:30 - 2014-09-15 15:29 - 01373475 _____ () C:\Users\Sarah\Desktop\AdwCleaner (1).exe
2014-09-15 15:12 - 2011-12-25 13:53 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA.job
2014-09-15 15:06 - 2012-01-04 23:40 - 00000000 ____D () C:\Program Files (x86)\Kodak
2014-09-15 15:06 - 2012-01-04 23:37 - 00000000 ____D () C:\ProgramData\Kodak
2014-09-15 15:05 - 2012-01-04 23:46 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Eastman_Kodak_Company
2014-09-15 14:12 - 2012-02-17 20:16 - 00000000 ____D () C:\Users\Sarah\AppData\Local\CrashDumps
2014-09-15 13:57 - 2011-12-25 13:53 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core.job
2014-09-15 13:56 - 2009-07-13 22:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-15 13:55 - 2013-10-19 11:24 - 00000151 _____ () C:\Users\Sarah\AppData\Roaming\WB.CFG
2014-09-12 12:14 - 2011-12-25 13:54 - 00002368 _____ () C:\Users\Sarah\Desktop\Google Chrome.lnk
2014-09-12 11:42 - 2014-09-12 11:38 - 00040573 _____ () C:\Users\Sarah\Downloads\Addition.txt
2014-09-12 11:42 - 2014-09-12 10:44 - 00034182 _____ () C:\Users\Sarah\Downloads\FRST.txt
2014-09-12 11:33 - 2014-09-12 11:32 - 02105856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64 (2).exe
2014-09-12 10:42 - 2014-09-12 10:42 - 02105856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64 (1).exe
2014-09-12 10:42 - 2014-09-12 10:42 - 02105856 _____ (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2014-09-12 10:41 - 2014-09-12 10:41 - 01097728 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe
2014-09-12 10:39 - 2014-09-12 10:39 - 00003304 _____ () C:\Windows\System32\Tasks\PCHB_WaitAndStartAfter
2014-09-12 10:38 - 2014-09-12 10:38 - 00001078 _____ () C:\Users\Public\Desktop\PC HealthBoost.lnk
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-09-12 10:38 - 2014-09-12 10:38 - 00000000 ____D () C:\Program Files (x86)\PC HealthBoost
2014-09-12 10:36 - 2014-09-12 10:35 - 03079136 _____ (BoostSoftware Inc. ) C:\Users\Sarah\Downloads\PCHealthBoost-Setup.exe
2014-09-12 10:07 - 2011-12-25 13:53 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA
2014-09-12 10:07 - 2011-12-25 13:53 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core
2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 __SHD () C:\found.000
2014-09-12 08:46 - 2013-08-02 16:32 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\HpUpdate
 
Some content of TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-12 12:55
 
==================== End Of Log ============================

#11
busymomof4kids

    Member

  • Topic Starter
  • Member
  • 39 posts

The laptop seems to be running better. I'm not getting annoying popups anymore.


#12
busymomof4kids

    Member

  • Topic Starter
  • Member
  • 39 posts

I also downloaded the free antivirus software through my internet provider: Constant Guard Protection Suite with Norton.


#13
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Tracy :)

Excellent work! :thumbsup: The Log looks much better! :)

 

 

"I also downloaded the free antivirus software through my internet provider: Constant Guard Protection Suite with Norton."

 

 

If you are comfortable with that, it is fine ;) 
If wanted or needed, you do have other free choices.

 

Let's fix Chrome:

 

We'll use FRST to remove some not so good settings:

 

Step 1
FRST Fix

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached file: fixlist.txt (735 bytes)

 

Then:

 

In Chrome you will need to reset your default search option manually.
To do this:

 

1.  Click the Chrome menu on the browser toolbar.
2.  Select Settings.
3.  In the Search section, click Manage search engines.
4.  Check if (Default) is displayed next to your preferred search engine (such as Google). If not, hover the mouse over it and click to make Google default.
5.  Hover the mouse over any other suspicious search engine entries (such as AVG Secure Search) and any others that are not familiar and click X to remove them.
6.  Reboot

 

Check Chrome and make sure it functions correctly.

Let's do a bit more checking to be sure, looking for items we don't necessarily see with other programs:

 

Step 2
Malwarebytes

 

• Please download Malwarebytes Anti-Malware to your desktop.
• Double-click mbam-setup-version.exe and follow the prompts to install the program.
• At the end, be sure a check-mark is placed next to the following:

1.  Enable free trial of Malwarebytes Anti-Malware Premium
2.  Launch Malwarebytes Anti-Malware

• Then click Finish.
• If an update is found, you will be prompted to download and install the latest version.
• Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
• Once the scan completes, click the View detailed log link.
• Then click the Copy to clipboard button and paste into your next post.
• When the scan is complete, make sure that everything is set to go to "Quarantine", and click Apply Actions.
• Reboot your computer if prompted.

 

Step 3
SecurityCheck by Screen317:

 

Please also download Security Check by screen317.

• Save it to your Desktop.

• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

• A Notepad document should open automatically called checkup.txt; please also post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!  Try rebooting the system and then run SecurityCheck again.

 

Step 4
ESET Online Scan
 


  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked.
  • Click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the contents of the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
    Note: Copy/Paste the contents of the log.txt file before going on to the next step or the log file will be removed.
  • Also be sure to check Uninstall Application on Close before clicking finish.
  • Paste that log as a part of your next post.

 

 

Step 5
Post!

 

When you return, please post:

 

1. Fixlog.txt
2. Malwarebytes log
3. checkup.txt
4. Eset Online Scanner\log.txt
5. Are you currently experiencing any issues?

 

Thank you :)

 

 


#14
busymomof4kids

    Member

  • Topic Starter
  • Member
  • 39 posts

FRST Log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Sarah at 2014-09-17 22:34:00 Run:2
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-19 10:27:27&v=18.1.9.799&pid=safeguard&sg=0&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> http://mysearch.avg.com/search?cid={180BD476-E6DC-419E-8D98-E266A453859E}&mid=7025a5a86ed847d3838b9557e7229111-23912a78c79a119d8485070cf919c90e618646cb&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-19 10:27:27&v=17.0.0.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms} 
CHR DefaultSuggestURL: Default -> http://toolbar.avg.c...earchTerms}&o=1
 
*****************
 
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
 
==== End of Fixlog ====

#15
busymomof4kids

    Member

  • Topic Starter
  • Member
  • 39 posts

Malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/17/2014
Scan Time: 11:30:41 PM
Logfile: Scan log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.18.01
Rootkit Database: v2014.09.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sarah
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314943
Time Elapsed: 7 hr, 40 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, Quarantined, [0415935ccdae8fa7ac0caac4ad571ee2], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, Quarantined, [6bae11de87f4b28444743f2f5fa544bc], 
PUP.Optional.SevereWeatherAlerts.A, HKU\S-1-5-21-2789968882-3570388344-1764720213-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SevereWeatherAlerts.exe, Quarantined, [dd3ce00f196292a44f1e2a3a04007e82], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\_metadata, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\toolbarImages, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
 
Files: 55
PUP.Optional.InstallCore, C:\Users\Sarah\Downloads\ZipExtractorSetup.exe, Quarantined, [a9708f60275495a1990eceaad62e6c94], 
PUP.Optional.Superfish.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [5dbc727d413ac57116098c928380be42], 
PUP.Optional.Superfish.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [839616d975068caaae7136e84db65fa1], 
PUP.Optional.Whilokii.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}.xpi, Quarantined, [dd3c6689b0cb9f97112f52da19eac13f], 
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\background.js, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\cs.js, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\icon128.png, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\icon16.png, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\icon48.png, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\info.js, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\manifest.json, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.GreatArcadeHits.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\_metadata\verified_contents.json, Quarantined, [0a0ffbf40c6f0234526e02d3fb0722de], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.1000082.currentList, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.1000082.localStations, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.1000082.nowPlaying, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.1000082.publisherStations, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.130136188917021865.search.selectedEngineId, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.130136188917021865.search.settings, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.appOptions, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.fullUserID, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.installUsageEarly, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.NotificationSettings, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_toolbarContextMenu, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_toolbarSettings, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_translation, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_serviceMap, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_setupAPI, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_toolbarContextMenu, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_toolbarSettings, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_translation, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_appsMetadata, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_appTrackingFirstTime, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_Configuration, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_gottenAppsContextMenu, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_otherAppsContextMenu, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_searchAPI, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_serviceMap, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\serviceLayer_userApps_added, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\toolbar_initializing_logger.txt, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\uninstallData, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\uninstallUrl, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.NOTIFICATION_ID.notifications-repository, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_searchAPI, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_RAW.serviceLayer_services_setupAPI, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.NOTIFICATION_ID.notifications-servicemap, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.NOTIFICATION_ID.notifications-service_1787912, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.pg_conf_global, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.searchProtectorData, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.searchUserMode, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000.UserID, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_appsMetadata, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_appTrackingFirstTime, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_Configuration, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_gottenAppsContextMenu, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\CT3303000\CT3303000_10.20.1.508.serviceLayer_services_otherAppsContextMenu, Quarantined, [14058f60f08bf34346f56c6de61cbb45], 
 
Physical Sectors: 0
(No malicious items detected)
