Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.gen.2 removal help

Started by sabay22 , Jan 11 2015 12:41 PM
virus trojan removal

  • Please log in to reply

#1
sabay22
Posted 11 January 2015 - 12:41 PM

sabay22

    New Member

  • Member
  • Pip
  • 7 posts

Hello,

 

I have been battling the Trojan.Gen.2 virus with no luck and need help removing it. Sometimes when running a scan the computer will freeze and/or turn off. 

 

Symantec Antivirus detected the virus as Trojan.Gen.2. When I did a scan it either said it was removed or there weren't any viruses detected. However, the Symantec window keeps popping up saying it's still on my computer.

 

I also have Malwarebytes which has also alerts me with the virus. I will run a scan and it would detect the virus which calls it PUP.Optional.Incredibar.A. Malwarebytes will clean the computer and say the virus is gone but will later say the computer is infected again. 

 

I noticed the problem after the upgrade to Mozilla Firefox.

 

Thank you!

 

OTL Log

 

OTL logfile created on: 1/11/2015 1:06:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Samantha\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 4.22 Gb Available Physical Memory | 53.10% Memory free
15.90 Gb Paging File | 12.15 Gb Available in Paging File | 76.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 673.19 Gb Total Space | 148.13 Gb Free Space | 22.00% Space Free | Partition Type: NTFS
Drive D: | 21.28 Gb Total Space | 2.29 Gb Free Space | 10.76% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.11% Space Free | Partition Type: FAT32
 
Computer Name: SAMANTHA-HP | User Name: Samantha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/11 13:06:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samantha\Downloads\OTL.scr
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/07/11 01:39:16 | 000,511,872 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2014/03/11 16:44:52 | 000,241,728 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2013/11/15 09:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 19:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/27 18:56:35 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/08/26 17:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/08/26 06:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 06:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 06:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/08/19 17:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/08/09 11:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/09 11:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/05/20 13:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 13:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/10/11 08:45:19 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/10/11 08:45:19 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/10/11 08:45:18 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2010/10/11 08:45:17 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/10/11 08:45:17 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/11/13 23:47:49 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8a928ac654971d189f4b8b6bd17926bf\IAStorUtil.ni.dll
MOD - [2014/11/13 23:47:49 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\07cf963400f1454398a79308cd9ba191\IAStorCommon.ni.dll
MOD - [2014/11/13 23:44:13 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014/11/13 23:44:08 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll
MOD - [2014/11/13 23:43:16 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/11/13 23:43:10 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/11/13 23:42:48 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/11/13 23:42:45 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/11/13 23:42:28 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/11/13 23:42:25 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/11/13 23:41:57 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/13 00:09:39 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/04/24 19:01:21 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/02/26 04:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 04:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 04:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 04:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/01/17 15:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 11:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/06/14 13:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/06/14 13:26:20 | 000,986,112 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2011/06/02 08:11:26 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/27 14:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/10 19:03:53 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/11 16:44:52 | 000,241,728 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2013/11/15 09:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/04/24 18:56:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/27 18:56:35 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/08/26 06:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/08/09 11:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/09 11:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/06/28 20:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/05/20 13:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/11 08:45:19 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/10/11 08:45:19 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/10/11 08:45:18 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/10/11 08:45:18 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/10/11 08:45:17 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/06/08 07:25:30 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/11 12:41:54 | 000,108,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SMR430.SYS -- (SMR430)
DRV:64bit: - [2015/01/11 12:29:28 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/08/28 20:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/03/20 09:51:14 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2013/03/20 09:49:34 | 000,012,288 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2013/03/19 17:25:46 | 000,027,648 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2013/03/19 17:25:28 | 000,023,552 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/20 11:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/19 18:41:51 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/01/09 11:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 11:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/11/09 23:28:18 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/09 23:28:18 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/27 18:57:23 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/08/10 02:32:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/05 15:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 15:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/10 20:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/06/10 20:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/09 21:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/02 08:11:26 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/30 19:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 14:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 14:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 12:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/19 16:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/05/19 16:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/05/19 16:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2011/02/16 21:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 19:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/11 08:45:19 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/10/11 08:45:19 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/10/11 08:45:19 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/08 06:02:14 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/02/06 02:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2014/11/25 17:30:45 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/11/25 17:30:44 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/11/17 09:32:00 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\ex64.sys -- (NAVEX15)
DRV - [2014/11/17 09:32:00 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\eng64.sys -- (NAVENG)
DRV - [2012/09/19 11:18:45 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2010/10/11 08:45:19 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/10/11 08:45:19 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/10/11 08:45:19 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/08 06:02:14 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{90EF5819-E2B6-46A6-8730-753BF2FD106A}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{90EF5819-E2B6-46A6-8730-753BF2FD106A}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{90EF5819-E2B6-46A6-8730-753BF2FD106A}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6Oyutmahb4&i=26
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\2qxe28tk.default\extensions\[email protected]
 
[2012/02/17 14:58:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Samantha\AppData\Roaming\Mozilla\Extensions
[2014/12/06 20:12:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\2qxe28tk.default\extensions
[2013/12/08 15:38:33 | 000,000,000 | -H-D | M] (IE Tab +) -- C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\2qxe28tk.default\extensions\[email protected]
[2014/11/11 01:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/11/11 01:28:45 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
CHR - Extension: No name found = C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/04/24 20:22:35 | 000,001,367 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com 
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE /FU "C:\Windows\TEMP\E_S6B91.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON Stylus CX7400 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE /FU "C:\Windows\TEMP\E_SE63C.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBUA.EXE /FU "C:\Windows\TEMP\E_S3B7C.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_EDAEA16D39FC2441458D534C4A684548] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ccf.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ccf.org ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: enwisen.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: enwisen.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF393A0-5002-427D-8257-ACD5182F3F44}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/12/18 10:29:58 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e3fb9a0-879f-11e4-a020-082e5f8576b6}\Shell - "" = AutoRun
O33 - MountPoints2\{1e3fb9a0-879f-11e4-a020-082e5f8576b6}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{207c0b5f-2066-11e3-bdf6-082e5f8576b6}\Shell - "" = AutoRun
O33 - MountPoints2\{207c0b5f-2066-11e3-bdf6-082e5f8576b6}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9885f25f-29d3-11e3-b48e-082e5f8576b6}\Shell - "" = AutoRun
O33 - MountPoints2\{9885f25f-29d3-11e3-b48e-082e5f8576b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d92e87ac-66e3-11e1-b574-082e5f8576b6}\Shell - "" = AutoRun
O33 - MountPoints2\{d92e87ac-66e3-11e1-b574-082e5f8576b6}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{f3fadb6a-7861-11e2-b233-082e5f8576b6}\Shell - "" = AutoRun
O33 - MountPoints2\{f3fadb6a-7861-11e2-b233-082e5f8576b6}\Shell\AutoRun\command - "" = H:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/07 12:09:16 | 000,108,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR430.SYS
[2014/12/19 14:50:31 | 000,000,000 | ---D | C] -- C:\Users\Samantha\Desktop\Cellphone Dec 2014
[2014/12/17 18:21:46 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\51A67ED1.sys
[2014/12/12 16:59:23 | 000,000,000 | -H-D | C] -- C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/12/12 14:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/12 14:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/12/12 14:51:30 | 000,000,000 | -H-D | C] -- C:\Users\Samantha\AppData\Local\Deployment
[2014/12/12 14:51:30 | 000,000,000 | -H-D | C] -- C:\Users\Samantha\AppData\Local\Apps
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/11 13:03:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/11 12:57:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/11 12:41:55 | 000,000,020 | ---- | M] () -- C:\Windows\SysNative\drivers\SMR430.dat
[2015/01/11 12:41:54 | 000,108,216 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR430.SYS
[2015/01/11 12:34:22 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/11 12:29:28 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/11 12:29:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSamantha.job
[2015/01/11 12:29:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/07 12:24:38 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/07 12:24:38 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/07 12:11:21 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/25 09:46:12 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/25 09:46:12 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/25 09:46:12 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/18 10:29:58 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/12/17 18:21:47 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\51A67ED1.sys
[2014/12/17 18:18:13 | 000,002,279 | -H-- | M] () -- C:\Users\Samantha\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/15 18:52:00 | 000,121,671 | ---- | M] () -- C:\Users\Samantha\Desktop\Order Number.jpg
[2014/12/15 18:45:44 | 000,158,328 | ---- | M] () -- C:\Users\Samantha\Desktop\TOTAL FOR TICKETS.jpg
[2014/12/15 18:26:30 | 000,062,851 | ---- | M] () -- C:\Users\Samantha\Desktop\map2.jpg
[2014/12/15 18:22:06 | 000,103,435 | ---- | M] () -- C:\Users\Samantha\Desktop\map.jpg
[2014/12/12 16:59:24 | 000,001,377 | ---- | M] () -- C:\Users\Samantha\Desktop\Norton Installation Files.lnk
[2014/12/12 14:53:57 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/11 12:41:54 | 000,000,020 | ---- | C] () -- C:\Windows\SysNative\drivers\SMR430.dat
[2014/12/18 10:29:58 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/12/15 18:52:00 | 000,121,671 | ---- | C] () -- C:\Users\Samantha\Desktop\Order Number.jpg
[2014/12/15 18:45:44 | 000,158,328 | ---- | C] () -- C:\Users\Samantha\Desktop\TOTAL FOR TICKETS.jpg
[2014/12/15 18:26:30 | 000,062,851 | ---- | C] () -- C:\Users\Samantha\Desktop\map2.jpg
[2014/12/15 18:22:06 | 000,103,435 | ---- | C] () -- C:\Users\Samantha\Desktop\map.jpg
[2014/12/12 16:59:23 | 000,001,377 | ---- | C] () -- C:\Users\Samantha\Desktop\Norton Installation Files.lnk
[2014/12/12 14:53:57 | 000,002,279 | -H-- | C] () -- C:\Users\Samantha\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/12 14:53:57 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/12 14:52:14 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/12 14:52:01 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/12 11:49:08 | 000,159,260 | ---- | C] () -- C:\Users\Samantha\Samantha BaileyResume_.pdf
[2014/05/07 19:54:28 | 000,019,342 | ---- | C] () -- C:\Users\Samantha\SamanthaBailey_Resume.pdf
[2014/01/01 13:21:28 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2013/12/20 18:31:44 | 000,000,895 | -H-- | C] () -- C:\Users\Samantha\Searches - Shortcut.lnk
[2013/06/10 14:08:44 | 000,093,669 | ---- | C] () -- C:\Users\Samantha\002_Small.jpg
[2013/06/10 14:06:27 | 000,833,789 | ---- | C] () -- C:\Users\Samantha\002_edit.jpg
[2013/06/10 14:02:48 | 000,733,732 | ---- | C] () -- C:\Users\Samantha\002.jpg
[2013/06/10 14:01:42 | 000,536,491 | -H-- | C] () -- C:\Users\Samantha\001.jpg
[2013/06/09 19:02:09 | 000,506,196 | ---- | C] () -- C:\Users\Samantha\IndianaREGJonesTHeme_.mp3
[2013/06/09 19:01:36 | 000,506,220 | ---- | C] () -- C:\Users\Samantha\IndianahiJonesTHemeHigher_.mp3
[2013/06/08 19:34:34 | 000,748,317 | ---- | C] () -- C:\Users\Samantha\IndianaJonesTHemeHigher.mp4
[2013/06/08 19:33:27 | 000,748,068 | ---- | C] () -- C:\Users\Samantha\IndianaJonesTHeme.mp4
[2013/04/26 14:48:50 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/04/26 14:48:50 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/04/26 14:48:50 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/04/26 14:48:50 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/04/26 14:48:50 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/04/26 14:48:50 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/04/26 14:48:50 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/04/26 14:48:50 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/04/26 14:48:50 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/04/26 14:48:50 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/04/26 14:48:50 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/04/26 14:48:50 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/04/26 14:48:50 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/04/26 14:48:50 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/04/26 14:48:50 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/04/26 14:48:50 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/04/21 19:19:14 | 000,164,728 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/08 20:18:03 | 000,007,606 | -H-- | C] () -- C:\Users\Samantha\AppData\Local\Resmon.ResmonCfg
[2012/07/08 16:18:18 | 000,031,073 | ---- | C] () -- C:\Users\Samantha\Malwarebytes receipt.pdf
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/09 08:40:12 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\BodyMedia
[2012/08/20 09:53:58 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\com.adobe.bootstrap
[2014/02/07 17:23:14 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\com.livescribe.LivescribeConnect
[2013/11/29 09:26:11 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/04/26 14:56:57 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\Epson
[2014/07/13 15:58:15 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\Foxit Software
[2012/04/01 09:24:54 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\IDT
[2012/11/06 19:13:06 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\Leawo
[2013/02/23 18:25:09 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\Motorola
[2013/02/23 18:28:06 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\Motorola Mobility
[2012/09/27 20:21:46 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\raidcall
[2014/02/13 16:32:39 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\Softland
[2012/02/17 14:56:04 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\Synaptics
[2012/11/06 19:14:47 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\tiger-k
[2012/11/15 22:53:29 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\WildTangent
[2012/04/17 18:50:22 | 000,000,000 | -H-D | M] -- C:\Users\Samantha\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements

#2
RKinner
Posted 12 January 2015 - 10:17 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
    •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    sabay22
    Posted 13 January 2015 - 02:40 PM

    sabay22

      New Member

    • Topic Starter
    • Member
    • Pip
    • 7 posts

    Hello, 

     

    When I started the scans symantec kept turning itself back on. Hopefully it didn't interfere with the scan. Here are the reports! Thank you!

     

    Farbar Recovery:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
    Ran by Samantha (administrator) on SAMANTHA-HP on 12-01-2015 13:10:27
    Running from C:\Users\Samantha\Desktop
    Loaded Profile: Samantha (Available profiles: Samantha)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Thisisu) C:\Users\Samantha\Desktop\JRT.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2010-10-11] (Symantec Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [EPSON Stylus Photo 1400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBUA.EXE [213504 2007-08-02] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [EPSON Stylus CX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE [209408 2007-02-15] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [EPSON Stylus CX7400 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE [209408 2007-02-15] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [GoogleChromeAutoLaunch_EDAEA16D39FC2441458D534C4A684548] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: {1e3fb9a0-879f-11e4-a020-082e5f8576b6} - G:\MotorolaDeviceManagerSetup.exe -a
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: {207c0b5f-2066-11e3-bdf6-082e5f8576b6} - "G:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: {9885f25f-29d3-11e3-b48e-082e5f8576b6} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: {d92e87ac-66e3-11e1-b574-082e5f8576b6} - G:\TL-Bootstrap.exe
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: {f3fadb6a-7861-11e2-b233-082e5f8576b6} - H:\MotorolaDeviceManagerSetup.exe -a
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
    ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (No File)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    SearchScopes: HKLM -> {90EF5819-E2B6-46A6-8730-753BF2FD106A} URL = http://www.amazon.co...s={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    SearchScopes: HKLM-x32 -> {90EF5819-E2B6-46A6-8730-753BF2FD106A} URL = http://www.amazon.co...s={searchTerms}
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-4012845451-3923464390-434844083-1001 -> {90EF5819-E2B6-46A6-8730-753BF2FD106A} URL = http://www.amazon.co...s={searchTerms}
    SearchScopes: HKU\S-1-5-21-4012845451-3923464390-434844083-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
    Toolbar: HKU\S-1-5-21-4012845451-3923464390-434844083-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\2qxe28tk.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\2qxe28tk.default\user.js
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: IE Tab + - C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\2qxe28tk.default\Extensions\[email protected] [2013-12-08]
    FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-11-11]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-12]
    CHR Extension: (Google Docs) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-12]
    CHR Extension: (Google Drive) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-12]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-12]
    CHR Extension: (YouTube) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-12]
    CHR Extension: (Google Search) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-12]
    CHR Extension: (Website Logon) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2014-12-12]
    CHR Extension: (Google Sheets) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-12]
    CHR Extension: (Google Wallet) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]
    CHR Extension: (Gmail) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-12]
    CHR HKLM-x32\...\Chrome\Extension: [${CHROME_KEY}] - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2009-06-08] (Adobe Systems Incorporated)
    R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-10-11] (Symantec Corporation)
    R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-10-11] (Symantec Corporation)
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
    S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe) [File not signed]
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3234848 2010-10-11] (Symantec Corporation)
    S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [425800 2010-10-11] (Symantec Corporation)
    R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1832072 2010-10-11] (Symantec Corporation)
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-12] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\eng64.sys [129752 2014-11-17] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\ex64.sys [2137304 2014-11-17] (Symantec Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-10-27] (Windows ® Win 7 DDK provider)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
    R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [447536 2010-10-11] (Symantec Corporation)
    R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [447536 2010-10-11] (Symantec Corporation)
    S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2010-10-11] (Symantec Corporation)
    S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482352 2010-10-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-10-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2010-10-11] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2012-02-19] (Symantec Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies) [File not signed]
    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
    S1 MpKsl1485b1e6; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56002DA2-B28A-4109-A8BD-A263ED204C81}\MpKsl1485b1e6.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-12 13:10 - 2015-01-12 13:10 - 00025845 _____ () C:\Users\Samantha\Desktop\FRST.txt
    2015-01-12 13:10 - 2015-01-12 13:10 - 00000000 ____D () C:\FRST
    2015-01-12 13:08 - 2015-01-12 13:08 - 00003402 _____ () C:\Users\Samantha\Desktop\JRT.txt
    2015-01-12 13:05 - 2015-01-12 13:05 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-12 12:04 - 2015-01-12 12:04 - 00005605 _____ () C:\Users\Samantha\Desktop\AdwCleaner[S0].txt
    2015-01-12 11:45 - 2015-01-12 11:45 - 00000314 _____ () C:\Windows\PFRO.log
    2015-01-12 11:34 - 2015-01-12 11:34 - 02124288 _____ (Farbar) C:\Users\Samantha\Desktop\FRST64.exe
    2015-01-12 11:32 - 2015-01-12 11:33 - 01707939 _____ (Thisisu) C:\Users\Samantha\Desktop\JRT.exe
    2015-01-12 11:29 - 2015-01-12 11:44 - 00000000 ____D () C:\AdwCleaner
    2015-01-12 11:21 - 2015-01-12 11:22 - 02191360 _____ () C:\Users\Samantha\Desktop\AdwCleaner.exe
    2015-01-11 13:06 - 2015-01-11 13:06 - 00602112 _____ (OldTimer Tools) C:\Users\Samantha\Downloads\OTL.scr
    2015-01-11 13:05 - 2015-01-11 13:06 - 00128292 _____ () C:\Users\Samantha\Desktop\1st OTL.Txt
    2015-01-11 13:03 - 2015-01-11 13:03 - 00102816 _____ () C:\Users\Samantha\Downloads\Extras.Txt
    2015-01-11 13:02 - 2015-01-11 13:13 - 00127312 _____ () C:\Users\Samantha\Downloads\OTL.Txt
    2015-01-11 12:40 - 2015-01-11 12:41 - 00602112 _____ (OldTimer Tools) C:\Users\Samantha\Downloads\OTL.exe
    2015-01-07 12:31 - 2015-01-07 12:31 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Samantha\Downloads\SpyHunter-Installer.exe
    2015-01-07 12:06 - 2015-01-07 12:06 - 03060320 ____N (Symantec Corporation) C:\Users\Samantha\Downloads\NPE (1).exe
    2015-01-07 11:33 - 2015-01-07 11:33 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-01-07 11:24 - 2015-01-12 11:46 - 00000168 _____ () C:\Windows\setupact.log
    2015-01-07 11:24 - 2015-01-07 11:24 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-19 14:50 - 2014-12-19 15:28 - 00000000 ____D () C:\Users\Samantha\Desktop\Cellphone Dec 2014
    2014-12-19 11:47 - 2014-12-19 11:47 - 03060320 ____N (Symantec Corporation) C:\Users\Samantha\Downloads\NPE.exe
    2014-12-18 10:29 - 2014-12-18 10:29 - 00000000 _____ () C:\autoexec.bat
    2014-12-17 18:21 - 2014-12-17 18:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\51A67ED1.sys
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-12 13:10 - 2012-02-17 14:55 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CD2197DE-87B4-483E-86D5-CF6E04595018}
    2015-01-12 13:03 - 2013-01-10 10:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-12 12:57 - 2014-12-12 14:52 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-12 12:28 - 2014-12-09 13:07 - 00357940 _____ () C:\Windows\WindowsUpdate.log
    2015-01-12 11:58 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 11:58 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 11:53 - 2014-05-29 10:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-12 11:52 - 2014-12-12 14:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-12 11:49 - 2012-12-06 15:18 - 00000000 ____D () C:\Temp
    2015-01-12 11:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-11 12:41 - 2014-12-11 13:41 - 00000000 ___HD () C:\Users\Samantha\AppData\Local\NPE
    2015-01-11 12:29 - 2012-03-03 22:13 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSamantha
    2015-01-11 12:29 - 2012-03-03 22:13 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForSamantha.job
    2015-01-07 12:28 - 2012-03-24 20:08 - 00197120 ___SH () C:\Users\Samantha\Thumbs.db
    2015-01-07 12:15 - 2014-12-11 13:46 - 00000000 ____D () C:\NPE
    2015-01-07 11:25 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-25 09:52 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2014-12-25 09:46 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-18 10:20 - 2012-01-28 11:21 - 00000000 ____D () C:\ProgramData\Norton
     
    Some content of TEMP:
    ====================
    C:\Users\Samantha\AppData\Local\Temp\Quarantine.exe
    C:\Users\Samantha\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-12 12:51
     
    ==================== End Of Log ============================
     
    junkware
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Samantha on Mon 01/12/2015 at 13:05:40.26
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{0326B470-BD7F-4EEB-B8F0-9CF43313175C}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{0831C6CD-1664-4A6A-A1B2-5ADB6FC048F4}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{0F74A478-7C40-48B9-AEFD-414CE5BFEED9}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{1FC77201-D095-4A7A-A7C1-3962F7326710}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{250D703B-A329-45D4-ABC0-EC85E7E0C941}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{36DE05F2-3B9B-448B-A2D2-393FCFFB3DF1}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{38E95A09-6E53-43C6-AEDF-0BC641AB7D69}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{3DD4E710-00F3-48E7-A801-1C4EAD83248C}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{426D601B-BEB0-4DEF-9784-C3A773903433}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{49AAF070-7BC9-4C6D-8D0B-E4E46076084C}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{524F21E0-1CD2-4896-B0CA-E2F9FE44C799}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{5906696D-0D19-49FF-B1C0-7273F5F89C33}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{5BFF7590-7E2C-40E6-8B62-4B6F94F241A7}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{64B416F4-939C-4105-B82C-852E1978B485}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{6AF62F6C-3B8A-49F9-A0F1-F318615B7B54}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{735C85F1-91AD-4C88-BA31-A41438663E99}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{8E012789-0D62-4901-B4F4-7B87C1AA4C0B}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{A21CFC3E-AEF6-4B13-AAE6-2F7957F27AB8}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{B21B5A0A-6D1E-4848-A619-6E4FCCE600A2}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{B49C5BC4-2106-4E5B-8B92-7AC2DC14182A}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{BE349ADE-A777-433F-A1D7-C54AC7EA3F5D}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{D68DD084-6089-4C69-AB9D-60CB8A720863}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{F0C72750-0C06-4A65-9D52-66D7C412E9E1}
    Successfully deleted: [Empty Folder] C:\Users\Samantha\appdata\local\{F111525A-8BBD-47C2-B4C9-F43446AEFE23}
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/12/2015 at 13:08:19.37
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Adwcleaner
     
     
    # AdwCleaner v4.107 - Report created 12/01/2015 at 11:44:32
    # Updated 07/01/2015 by Xplode
    # Database : 2014-12-21.4 [Local]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Samantha - SAMANTHA-HP
    # Running from : C:\Users\Samantha\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\FlvPlayer
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\eSupport.com
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\Conduit
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17420
     
     
    -\\ Mozilla Firefox v
     
     
    -\\ Google Chrome v39.0.2171.95
     
     
    *************************
     
    AdwCleaner[R0].txt - [6207 octets] - [12/01/2015 11:36:55]
    AdwCleaner[S0].txt - [5381 octets] - [12/01/2015 11:44:32]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5441 octets] ##########
     

    • 0

    #4
    RKinner
    Posted 13 January 2015 - 05:06 PM

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP
    Did you not get an Additions.txt file when you ran FRST?
     
    If Microsoft Security Essentials is still installed.  Please Uninstall it as two anti-viruses will fight each other and slow you down.
     
    There is no sign of any infection.
     
    I'm going to use FRST to remove some deadwood and any remnants of  Microsoft Security Essentials.   Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     

     


    • 0

    #5
    sabay22
    Posted 14 January 2015 - 03:49 PM

    sabay22

      New Member

    • Topic Starter
    • Member
    • Pip
    • 7 posts

    Uninstalled Microsoft Essentials.

     

    Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02

    Ran by Samantha at 2015-01-13 22:44:10 Run:2

    Running from C:\Users\Samantha\Downloads

    Loaded Profile: Samantha (Available profiles: Samantha)

    Boot Mode: Normal

    ==============================================

     

    Content of fixlist:

    *****************

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk

    ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (No File)

    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    Toolbar: HKU\S-1-5-21-4012845451-3923464390-434844083-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

    S1 MpKsl1485b1e6; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56002DA2-B28A-4109-A8BD-A263ED204C81}\MpKsl1485b1e6.sys [X]

    EmptyTemp:

    CMD: type C:\autoexec.bat

     

     

     

     

    *****************

     

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value not found.

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk not found.

    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe not found.

    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.

    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.

    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.

    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.

    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.

    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.

    motccgpfl => Service not found.

    MpKsl1485b1e6 => Service not found.

     

    =========  type C:\autoexec.bat =========

     

     

    ========= End of CMD: =========

     

    EmptyTemp: => Removed 13.2 MB temporary data.

     

     

    The system needed a reboot.

     

    ==== End of Fixlog 22:44:21 ====

    Addition

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02

    Ran by Samantha at 2015-01-13 22:34:25

    Running from C:\Users\Samantha\Downloads

    Boot Mode: Normal

    ==========================================================

     

     

    ==================== Security Center ========================

     

    (If an entry is included in the fixlist, it will be removed.)

     

    AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

     

    ==================== Installed Programs ======================

     

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     

    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)

    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden

    Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)

    Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden

    Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden

    Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)

    Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden

    Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden

    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)

    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)

    Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden

    Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden

    Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden

    Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden

    Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden

    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)

    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)

    Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden

    Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden

    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden

    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

    BitPim 1.0.7 (HKLM-x32\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.7 - Joe Pham <[email protected]>)

    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

    CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)

    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden

    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)

    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

    DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version:  - )

    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)

    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )

    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)

    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)

    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden

    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)

    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

    HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)

    HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)

    HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)

    HP Documentation (HKLM-x32\...\{54F0ED3B-BD05-4B41-BCFC-E03FE2DDFF1D}) (Version: 1.1.0.0 - Hewlett-Packard)

    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

    HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)

    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)

    HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)

    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)

    HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)

    HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)

    HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)

    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)

    HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)

    HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)

    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)

    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

    Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)

    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)

    Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)

    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)

    Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)

    Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )

    Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0903 - Intel Corporation)

    Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)

    iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)

    Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)

    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden

    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden

    Livescribe Connect (HKLM-x32\...\com.livescribe.LivescribeConnect) (Version: 1.2.1.58498 - Livescribe Inc)

    Livescribe Connect (x32 Version: 1.2.1 - Livescribe Inc) Hidden

    Livescribe Desktop (HKLM-x32\...\Livescribe Desktop 2.8.3) (Version: 2.8.3 - Livescribe Inc)

    LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)

    Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden

    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

    Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )

    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)

    Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden

    Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)

    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

    PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden

    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

    Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden

    Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden

    Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)

    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)

    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)

    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden

    RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden

    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

    Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

    Symantec Endpoint Protection (HKLM\...\{73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1}) (Version: 11.0.6100.645 - Symantec Corporation)

    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)

    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden

    Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

    Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)

    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

    VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)

    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

    WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

     

    ==================== Custom CLSID (selected items): ==========================

     

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

     

     

    ==================== Restore Points  =========================

     

    15-12-2014 15:27:19 Windows Update

    18-12-2014 23:29:14 Windows Update

    22-12-2014 11:18:49 Windows Update

    07-01-2015 11:35:28 Windows Update

    11-01-2015 12:42:08 Windows Update

     

    ==================== Hosts content: ==========================

     

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     

    2009-07-13 21:34 - 2012-04-24 20:22 - 00001367 ____N C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1                                                              activate.adobe.com

    127.0.0.1                                                              practivate.adobe.com

    127.0.0.1                                                              ereg.adobe.com

    127.0.0.1                                                              activate.wip3.adobe.com

    127.0.0.1                                                              wip3.adobe.com

    127.0.0.1                                                              3dns-3.adobe.com

    127.0.0.1                                                              3dns-2.adobe.com

    127.0.0.1                                                              adobe-dns.adobe.com

    127.0.0.1                                                              adobe-dns-2.adobe.com

    127.0.0.1                                                              adobe-dns-3.adobe.com

    127.0.0.1                                                              ereg.wip3.adobe.com

    127.0.0.1                                                              activate-sea.adobe.com

    127.0.0.1                                                              wwis-dubc1-vip60.adobe.com

    127.0.0.1                                                              activate-sjc0.adobe.com

    127.0.0.1                               adobe.activate.com

     

     

    ==================== Scheduled Tasks (whitelisted) =============

     

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

     

    Task: {0283F451-6E40-4426-B2E6-B987DC8416A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)

    Task: {14AD4929-5E83-431C-B598-38C5908B1D3C} - System32\Tasks\{1E2B76E7-41E5-42F1-8FF8-A2D53B92F3CF} => Firefox.exe http://ui.skype.com/...all?page=tsMain

    Task: {192A8ACF-A545-4977-8F79-EC81ADF4B978} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

    Task: {22F2F3C0-1247-40E8-84E4-B4DA081A0716} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)

    Task: {2A099BD9-A0AF-4F30-820D-06EABCD824F8} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

    Task: {428D142F-2D00-41A3-9D9D-85FF2E9CC8E1} - System32\Tasks\{1F2CAC40-58A7-41DE-836E-0533BE2EA200} => pcalua.exe -a "C:\Users\Samantha\Downloads\ADOBE CS4 MASTER SUITE\ADOBE CREATIVE SUITE 4 MASTER COLLECTION________thethingy\CS4 Master Collection\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent

    Task: {461D96A1-0E6C-4304-BE18-0E42ECFBD742} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)

    Task: {49700E92-AB64-4349-9F5F-B5DCCBDDF087} - System32\Tasks\{A63570B3-BE53-FBAA-975E-DB71CD36FC73} => C:\Windows\system32\rehvk.dll/s "C:\Windows\system32\rehvk.dll"

    Task: {836206B3-E63C-4B9A-A5B6-443CDC3DEC5A} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

    Task: {A4BA6E63-BD5A-4FB4-BFCF-1D1D5413D522} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)

    Task: {C98FE523-E31C-434A-8BF9-A94E1C52607B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-12] (Google Inc.)

    Task: {DFEFB1E6-3635-49B5-9847-BF33E3850DB7} - System32\Tasks\HPCeeScheduleForSamantha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

    Task: {EE778BB8-5804-4C8F-82EA-7C3C735DCF21} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)

    Task: {F0421C2F-18D9-475B-BEF3-72E1BCD0E97B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)

    Task: {F4812925-E117-4D90-BB9D-C8E249709CA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-12] (Google Inc.)

    Task: {FE98BF2C-401F-451D-AA03-F090D5EAA8B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\HPCeeScheduleForSamantha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

     

    ==================== Loaded Modules (whitelisted) =============

     

    2012-01-28 11:05 - 2011-08-10 01:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

    2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

    2014-12-12 14:53 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

    2014-12-12 14:53 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

    2011-10-27 18:56 - 2011-10-27 18:56 - 00276992 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll

    2014-12-12 14:53 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

    2014-12-12 14:53 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

    2014-11-13 23:47 - 2014-11-13 23:47 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll

    2012-01-28 11:05 - 2011-05-20 13:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

    2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

     

    ==================== Alternate Data Streams (whitelisted) =========

     

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

     

     

    ==================== Safe Mode (whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

     

    ==================== EXE Association (whitelisted) =============

     

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

     

     

    ==================== MSCONFIG/TASK MANAGER disabled items =========

     

    (Currently there is no automatic fix for this section.)

     

    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

    MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

    MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart

    MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

     

    ========================= Accounts: ==========================

     

    Administrator (S-1-5-21-4012845451-3923464390-434844083-500 - Administrator - Disabled)

    Guest (S-1-5-21-4012845451-3923464390-434844083-501 - Limited - Disabled)

    HomeGroupUser$ (S-1-5-21-4012845451-3923464390-434844083-1002 - Limited - Enabled)

    Samantha (S-1-5-21-4012845451-3923464390-434844083-1001 - Administrator - Enabled) => C:\Users\Samantha

     

    ==================== Faulty Device Manager Devices =============

     

    Name: MpKsl1485b1e6

    Description: MpKsl1485b1e6

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: MpKsl1485b1e6

    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

    Devices stay in this state if they have been prepared for removal.

    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

     

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

    Error: (01/13/2015 10:25:31 PM) (Source: WinMgmt) (EventID: 10) (User: )

    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

     

     

    System errors:

    =============

    Error: (01/13/2015 10:26:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

     

    Error: (01/13/2015 10:24:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Windows Defender service terminated with the following error:

    %%126

     

    Error: (01/13/2015 10:10:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Windows Defender service terminated with the following error:

    %%126

     

    Error: (01/13/2015 10:09:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Windows Defender service terminated with the following error:

    %%126

     

    Error: (01/13/2015 10:09:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Windows Defender service terminated with the following error:

    %%126

     

    Error: (01/13/2015 10:09:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Windows Defender service terminated with the following error:

    %%126

     

    Error: (01/13/2015 10:09:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Windows Defender service terminated with the following error:

    %%126

     

    Error: (01/13/2015 10:09:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Windows Defender service terminated with the following error:

    %%126

     

    Error: (01/13/2015 10:09:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Windows Defender service terminated with the following error:

    %%126

     

    Error: (01/13/2015 10:09:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Windows Defender service terminated with the following error:

    %%126

     

     

    Microsoft Office Sessions:

    =========================

    Error: (12/06/2014 09:31:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6707.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1463 seconds with 60 seconds of active time.  This session ended with a crash.

     

    Error: (10/27/2014 03:39:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12289 seconds with 3300 seconds of active time.  This session ended with a crash.

     

    Error: (11/20/2013 08:50:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 590961 seconds with 28560 seconds of active time.  This session ended with a crash.

     

    Error: (09/21/2013 00:02:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2313 seconds with 1860 seconds of active time.  This session ended with a crash.

     

     

    CodeIntegrity Errors:

    ===================================

      Date: 2013-11-05 18:24:30.063

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-11-05 18:24:29.998

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-10-01 18:05:59.500

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-10-01 18:05:59.429

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-09-18 19:52:20.392

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-09-18 19:52:20.332

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-09-07 14:16:19.691

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-09-07 14:16:19.631

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-09-07 14:15:00.401

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-09-07 14:15:00.351

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

     

    ==================== Memory info ===========================

     

    Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz

    Percentage of memory in use: 34%

    Total physical RAM: 8139.86 MB

    Available physical RAM: 5315.91 MB

    Total Pagefile: 16277.9 MB

    Available Pagefile: 13411.3 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.84 MB

     

    ==================== Drives ================================

     

    Drive c: () (Fixed) (Total:673.19 GB) (Free:147.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Drive d: (Recovery) (Fixed) (Total:21.28 GB) (Free:2.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

     

    ==================== MBR & Partition Table ==================

     

    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5886C2AB)

    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=673.2 GB) - (Type=07 NTFS)

    Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)

    Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

     

    ==================== End Of Log ============================

    Vino's Event Viewer v01c run on Windows 2008 in English

    Report run at 13/01/2015 11:36:45 PM

     

    Note: All dates below are in the format dd/mm/yyyy

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'System' Log - Critical Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'System' Log - Error Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Log: 'System' Date/Time: 14/01/2015 4:02:54 AM

    Type: Error Category: 0

    Event: 10016 Source: Microsoft-Windows-DistributedCOM

    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

     

    Log: 'System' Date/Time: 14/01/2015 4:01:31 AM

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The Windows Defender service terminated with the following error:  The specified module could not be found.

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'System' Log - Warning Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Log: 'System' Date/Time: 14/01/2015 4:04:25 AM

    Type: Warning Category: 0

    Event: 1014 Source: Microsoft-Windows-DNS-Client

    Name resolution for the name www.geekstogo.com timed out after none of the configured DNS servers responded.

     

    Log: 'System' Date/Time: 14/01/2015 3:58:58 AM

    Type: Warning Category: 0

    Event: 11 Source: Microsoft-Windows-Wininit

    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

     

    Log: 'System' Date/Time: 14/01/2015 3:58:23 AM

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\484c7e548f66.

     

    Log: 'System' Date/Time: 14/01/2015 3:57:23 AM

    Type: Warning Category: 0

    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

    WLAN AutoConfig service has successfully stopped.

     

    Log: 'System' Date/Time: 14/01/2015 3:57:23 AM

    Type: Warning Category: 0

    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll

    PROCESS EXPLORER

    Process                CPU       Private Bytes     Working Set       PID         Description         Company Name               Verified Signer

    System Idle Process        88.25     0 K          24 K        0                                             

    mbam.exe          8.81        241,252 K             250,852 K             548         Malwarebytes Anti-Malware      Malwarebytes Corporation                (Verified) Malwarebytes Corporation

    procexp64.exe  1.16        47,156 K               60,312 K               5920       Sysinternals Process Explorer     Sysinternals - www.sysinternals.com  (Verified) Sysinternals

    Interrupts           0.39        0 K          0 K          n/a         Hardware Interrupts and DPCs                 

    WmiPrvSE.exe  0.31        8,036 K  12,480 K               3720       WMI Provider Host         Microsoft Corporation   (Verified) Microsoft Windows

    dwm.exe             0.25        144,080 K             79,968 K               1616       Desktop Window Manager          Microsoft Corporation                (Verified) Microsoft Windows

    System 0.17        172 K     2,184 K  4                                             

    csrss.exe             0.15        3,768 K  36,820 K               588         Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows

    explorer.exe      0.09        80,292 K               91,808 K               1624       Windows Explorer           Microsoft Corporation   (Verified) Microsoft Windows

    ipoint.exe           0.07        6,180 K  13,808 K               2636       IPoint.exe           Microsoft Corporation   (Verified) Microsoft Corporation

    svchost.exe        0.07        38,880 K               55,668 K               556         Host Process for Windows Services         Microsoft Corporation        (Verified) Microsoft Windows

    mbam.exe          0.05        33,736 K               47,200 K               1804       Malwarebytes Anti-Malware      Malwarebytes Corporation                (Verified) Malwarebytes Corporation

    svchost.exe        0.04        240,344 K             249,384 K             376         Host Process for Windows Services         Microsoft Corporation        (Verified) Microsoft Windows

    Smc.exe               0.04        22,676 K               8,524 K  1524       Symantec CMC Smc        Symantec Corporation   (Verified) Symantec Corporation

    wlanext.exe       0.02        9,896 K  19,304 K               1944       Windows Wireless LAN 802.11 Extensibility Framework  Microsoft Corporation        (Verified) Microsoft Windows

    LMS.exe              0.02        2,796 K  5,192 K  6796       Local Manageability Service         Intel Corporation             (Verified) Intel Corporation

    svchost.exe        0.01        12,304 K               20,860 K               2000       Host Process for Windows Services         Microsoft Corporation        (Verified) Microsoft Windows

    svchost.exe        0.01        20,436 K               27,676 K               532         Host Process for Windows Services         Microsoft Corporation        (Verified) Microsoft Windows

    WmiPrvSE.exe  0.01        6,132 K  12,200 K               4916       WMI Provider Host         Microsoft Corporation   (Verified) Microsoft Windows

    svchost.exe        0.01        6,072 K  11,404 K               812         Host Process for Windows Services         Microsoft Corporation                (Verified) Microsoft Windows

    SmcGui.exe        0.01        7,224 K  6,040 K  5760       Symantec CMC SmcGui Symantec Corporation   (Verified) Symantec Corporation

    services.exe       0.01        9,540 K  15,104 K               692         Services and Controller app         Microsoft Corporation   (Verified) Microsoft Windows

    lsass.exe              < 0.01    6,932 K  14,964 K               700         Local Security Authority Process                Microsoft Corporation                (Verified) Microsoft Windows

    chrome.exe       < 0.01    65,856 K               90,996 K               3120       Google Chrome                Google Inc.         (Verified) Google Inc

    IAStorDataMgrSvc.exe  < 0.01    23,488 K               21,400 K               2360       IAStorDataSvc   Intel Corporation             (Verified) Intel Corporation

    iPodService.exe               < 0.01    4,236 K  8,600 K  5832       iPodService Module (64-bit)       Apple Inc.            (Verified) Apple Inc.

    svchost.exe        < 0.01    13,984 K               17,928 K               2096       Host Process for Windows Services         Microsoft Corporation        (Verified) Microsoft Windows

    PenCommService.exe   < 0.01    2,572 K  6,024 K  3792       Livescribe Smartpen Communication Service      Livescribe            (No signature was present in the subject) Livescribe

    CCleaner64.exe                < 0.01    7,888 K  18,016 K               2436       CCleaner              Piriform Ltd        (Verified) Piriform Ltd

    ZeroConfigService.exe  < 0.01    8,972 K  17,180 K               4972       Intel® PROSet/Wireless Zero Configure Service Intel® Corporation        (Verified) Intel Corporation-Mobile Wireless Group

    wmpnetwk.exe                < 0.01    24,544 K               6,640 K  5492       Windows Media Player Network Sharing Service                Microsoft Corporation   (Verified) Microsoft Windows

    lsm.exe                < 0.01    3,344 K  5,160 K  712         Local Session Manager Service   Microsoft Corporation   (Verified) Microsoft Windows

    unsecapp.exe   < 0.01    2,664 K  6,056 K  4900       Sink to receive asynchronous callbacks for WMI client application                Microsoft Corporation   (Verified) Microsoft Windows

    EvtEng.exe         < 0.01    9,184 K  16,480 K               1288       Intel® PROSet/Wireless Event Log Service         Intel® Corporation                (Verified) Intel Corporation-Mobile Wireless Group

    HPOSD.exe         < 0.01    4,400 K  11,340 K               3440       HP On Screen Display     Hewlett-Packard Development Company, L.P.         (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.

    SynTPEnh.exe   < 0.01    11,332 K               17,488 K               2564       Synaptics TouchPad Enhancements         Synaptics Incorporated     (Verified) Microsoft Windows Hardware Compatibility Publisher

    taskhost.exe      < 0.01    9,828 K  13,436 K               1964       Host Process for Windows Tasks               Microsoft Corporation                (Verified) Microsoft Windows

    itype.exe             < 0.01    6,744 K  14,784 K               2612       IType.exe            Microsoft Corporation   (Verified) Microsoft Corporation

    SearchIndexer.exe         < 0.01    44,800 K               34,936 K               5304       Microsoft Windows Search Indexer         Microsoft Corporation        (Verified) Microsoft Windows

    WLIDSVC.EXE     < 0.01    7,428 K  15,964 K               4432       Microsoft® Windows Live ID Service        Microsoft Corp.                (Verified) Microsoft Corporation

    Rtvscan.exe       < 0.01    8,124 K  4,224 K  3232       Symantec AntiVirus        Symantec Corporation   (Verified) Symantec Corporation

    svchost.exe        < 0.01    21,608 K               24,980 K               132         Host Process for Windows Services         Microsoft Corporation        (Verified) Microsoft Windows

    YCMMirage.exe               < 0.01    2,108 K  936 K     3976       YouCam Mirage                CyberLink            (Verified) CyberLink

    csrss.exe             < 0.01    3,164 K  5,552 K  520         Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows

    ProtectionUtilSurrogate.exe       < 0.01    4,476 K  13,028 K               3676       Symantec AntiVirus        Symantec Corporation                (Verified) Symantec Corporation

    IAStorIcon.exe  < 0.01    28,044 K               24,800 K               3428       IAStorIcon           Intel Corporation             (Verified) Intel Corporation

    svchost.exe        < 0.01    17,904 K               19,568 K               1812       Host Process for Windows Services         Microsoft Corporation        (Verified) Microsoft Windows

    AppSrv.exe        < 0.01    5,972 K  8,836 K  4272       WiMAX SDK service for Intel® PROSet/Wireless WiMAX Software                Intel® Corporation       (No signature was present in the subject) Intel® Corporation

    iTunesHelper.exe            < 0.01    3,432 K  9,676 K  3732       iTunesHelper     Apple Inc.            (Verified) Apple Inc.

    WUDFHost.exe < 0.01    8,200 K  8,260 K  1456       Windows Driver Foundation - User-mode Driver Framework Host Process                Microsoft Corporation   (Verified) Microsoft Windows

    spoolsv.exe        < 0.01    12,848 K               20,248 K               1548       Spooler SubSystem App               Microsoft Corporation                (Verified) Microsoft Windows

    BTHSAmpPalService.exe              < 0.01    2,804 K  5,332 K  5024       Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter               Intel Corporation             (Verified) Intel Corporation - Mobile Wireless Group

    stacsv64.exe      < 0.01    13,216 K               9,360 K  404         IDT PC Audio      IDT, Inc.                (Verified) Microsoft Windows Hardware Compatibility Publisher

    hpservice.exe   < 0.01    2,356 K  5,452 K  1332       HpService            Hewlett-Packard Company          (Verified) Microsoft Windows Hardware Compatibility Publisher

    svchost.exe        < 0.01    3,776 K  7,712 K  2072       Host Process for Windows Services         Microsoft Corporation   (Verified) Microsoft Windows

    WLIDSVCM.EXE                                2,116 K  4,140 K  4936       Microsoft® Windows Live ID Service Monitor      Microsoft Corp.                (Verified) Microsoft Corporation

    WINWORD.EXE                 31,852 K               65,360 K               3156       Microsoft Office Word   Microsoft Corporation   (Verified) Microsoft Corporation

    winlogon.exe                    4,236 K  8,792 K  644         Windows Logon Application        Microsoft Corporation   (Verified) Microsoft Windows

    wininit.exe                         2,604 K  5,624 K  596         Windows Start-Up Application   Microsoft Corporation   (Verified) Microsoft Windows

    unsecapp.exe                   3,028 K  7,392 K  4312       Sink to receive asynchronous callbacks for WMI client application                Microsoft Corporation   (Verified) Microsoft Windows

    UNS.exe                              3,636 K  7,864 K  5820       User Notification Service              Intel Corporation             (Verified) Intel Corporation

    TrueSuiteService.exe                     1,924 K  5,492 K  880         HP Service           HP          (Verified) AuthenTec

    TouchControl.exe                            6,516 K  15,784 K               7880       TouchControl     HP          (Verified) AuthenTec

    taskeng.exe                       3,296 K  7,368 K  2928       Task Scheduler Engine   Microsoft Corporation   (Verified) Microsoft Windows

    SynTPHelper.exe                             2,348 K  4,424 K  2852       Synaptics Pointing Device Helper              Synaptics Incorporated                (Verified) Microsoft Windows Hardware Compatibility Publisher

    svchost.exe                        8,188 K  12,648 K               944         Host Process for Windows Services         Microsoft Corporation                (Verified) Microsoft Windows

    svchost.exe                        6,608 K  12,032 K               7148       Host Process for Windows Services         Microsoft Corporation                (Verified) Microsoft Windows

    svchost.exe                        2,980 K  6,460 K  1040       Host Process for Windows Services         Microsoft Corporation   (Verified) Microsoft Windows

    svchost.exe                        2,540 K  6,308 K  1636       Host Process for Windows Services         Microsoft Corporation   (Verified) Microsoft Windows

    sttray64.exe                       10,072 K               20,848 K               2536       IDT PC Audio      IDT, Inc.                (Verified) Microsoft Windows Hardware Compatibility Publisher

    StikyNot.exe                      6,532 K  13,408 K               2840       Sticky Notes       Microsoft Corporation   (Verified) Microsoft Windows

    splwow64.exe                   3,336 K  8,480 K  4492       Print driver host for 32bit applications    Microsoft Corporation   (Verified) Microsoft Windows

    smss.exe                             736 K     1,392 K  360         Windows Session Manager         Microsoft Corporation   (Verified) Microsoft Windows

    RIconMan.exe                  3,232 K  6,744 K  3236       Realtek Card Reader Icon Tool.  Realsil Microelectronics Inc.        (No signature was present in the subject) Realsil Microelectronics Inc.

    RegSrvc.exe                       3,276 K  7,952 K  1344       Intel® PROSet/Wireless Registry Service            Intel® Corporation                (Verified) Intel Corporation-Mobile Wireless Group

    procexp.exe                      2,560 K  7,568 K  776         Sysinternals Process Explorer     Sysinternals - www.sysinternals.com                (Verified) Microsoft Corporation

    prevhost.exe                     3,356 K  9,148 K  4904       Preview Handler Surrogate Host               Microsoft Corporation   (Verified) Microsoft Windows

    notepad.exe                      1,704 K  6,988 K  6836       Notepad              Microsoft Corporation   (Verified) Microsoft Windows

    MotoHelperService.exe                               3,276 K  8,304 K  4024       MotoHelper Service       Motorola Mobility LLC    (Verified) Motorola Mobility Inc.

    MotoHelperAgent.exe                  3,992 K  9,744 K  3084       MotoHelperAgent           Motorola Mobility LLC    (Verified) Motorola Mobility Inc.

    mDNSResponder.exe                    3,032 K  6,540 K  3060       Bonjour Service                Apple Inc.            (Verified) Apple Inc.

    mbamservice.exe                            198,712 K             78,040 K               3984       Malwarebytes Anti-Malware      Malwarebytes Corporation        (Verified) Malwarebytes Corporation

    mbamscheduler.exe                      6,248 K  10,668 K               3308       Malwarebytes Anti-Malware      Malwarebytes Corporation                (Verified) Malwarebytes Corporation

    jusched.exe                       1,440 K  4,692 K  3752       Java™ Update Scheduler        Oracle Corporation          (Verified) Oracle America

    jhi_service.exe                 1,388 K  4,728 K  3264       Intel  IPT Host Interface Service Intel Corporation             (Verified) Intel® Identity Protection Technology Software

    igfxpers.exe                       5,116 K  11,396 K               2508       persistence Module       Intel Corporation             (Verified) Microsoft Windows Hardware Compatibility Publisher

    HPWMISVC.exe                               1,284 K  3,928 K  3172       HP Quick Launch WMI Service    Hewlett-Packard Development Company, L.P.   (Verified) Hewlett-Packard Company

    hpqWmiEx.exe                 2,332 K  6,996 K  5164       HP Software Framework WMI Service    Hewlett-Packard Company                (Verified) Hewlett-Packard Company

    HPClientServices.exe                     4,780 K  8,924 K  2892       HP Client Services            Hewlett-Packard Company          (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company

    hkcmd.exe                         3,932 K  8,084 K  2452       hkcmd Module Intel Corporation             (Verified) Microsoft Windows Hardware Compatibility Publisher

    ForwardDaemon.exe                     1,744 K  5,008 K  2584       ForwardDemon                Motorola             (No signature was present in the subject) Motorola

    FCUpdateService.exe                    1,268 K  4,972 K  2764       Foxit Cloud Safe Update Service               Foxit Corporation                (Verified) Foxit Corporation

    DMAgent.exe                   7,600 K  11,056 K               4528       Red Bend Device Management Service for Intel® PROSet/Wireless WiMAX Software         Red Bend Ltd.    (No signature was present in the subject) Red Bend Ltd.

    CoolSense.exe                  2,516 K  8,148 K  3448       HP CoolSense    Hewlett-Packard Development Company, L.P.   (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.

    conhost.exe                       1,460 K  3,244 K  1960       Console Window Host   Microsoft Corporation   (Verified) Microsoft Windows

    chrome.exe                       61,268 K               55,740 K               3416       Google Chrome                Google Inc.         (Verified) Google Inc

    ccSvcHst.exe                      7,340 K  3,452 K  1952       Symantec Service Framework    Symantec Corporation   (Verified) Symantec Corporation

    ccApp.exe                           3,260 K  632 K     3492       Symantec User Session Symantec Corporation   (Verified) Symantec Corporation

    BTHSSecurityMgr.exe                    5,544 K  10,380 K               2804       Intel® BlueTooth® HS Security Manager Service                Intel® Corporation       (Verified) Intel Corporation-Mobile Wireless Group

    BioMonitor.exe                                1,684 K  5,108 K  7544       BioMonitor         HP          (Verified) AuthenTec

    armsvc.exe                         1,320 K  4,032 K  2968       Adobe Acrobat Update Service Adobe Systems Incorporated     (Verified) Adobe Systems

    AESTSr64.exe                    1,900 K  3,548 K  2992       Andrea filters APO access service (64-bit)             Andrea Electronics Corporation        (Verified) Microsoft Windows Hardware Compatibility Publisher


    • 0

    #6
    RKinner
    Posted 14 January 2015 - 05:02 PM

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Something showed up this time.

    Submit this file:

     

    C:\Windows\system32\rehvk.dll

     

    to virustotal:

     

     
    Easiest way to submit a file is to copy the path:
     
    C:\Windows\system32\rehvk.dll
     
    Then
    Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with spoolsv.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 46 different anti-virus companies.  In either case, If the Detection ratio: is not 0 / 58  or so then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
     
     
    If it comes up dirty then we can remove it with FRST:
     
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     

     


    • 0

    #7
    sabay22
    Posted 20 January 2015 - 02:58 PM

    sabay22

      New Member

    • Topic Starter
    • Member
    • Pip
    • 7 posts

    Hello,

     

    I copied and paste the C:\Windows\system32\rehvk.dll and it says the file is not found. 


     


    • 0

    #8
    RKinner
    Posted 20 January 2015 - 05:56 PM

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    OK.  Download the  fixlist.txt from my previous post to the same location as FRST

    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

    • 0

    #9
    sabay22
    Posted 23 January 2015 - 11:52 AM

    sabay22

      New Member

    • Topic Starter
    • Member
    • Pip
    • 7 posts
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
    Ran by Samantha at 2015-01-23 12:49:18 Run:4
    Running from C:\Users\Samantha\Downloads
    Loaded Profiles: Samantha (Available profiles: Samantha)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Task: {49700E92-AB64-4349-9F5F-B5DCCBDDF087} - System32\Tasks\{A63570B3-BE53-FBAA-975E-DB71CD36FC73} => C:\Windows\system32\rehvk.dll/s "C:\Windows\system32\rehvk.dll"
    C:\Windows\system32\rehvk.dll
    *****************
     
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49700E92-AB64-4349-9F5F-B5DCCBDDF087} => Key not found. 
    C:\Windows\System32\Tasks\{A63570B3-BE53-FBAA-975E-DB71CD36FC73} not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A63570B3-BE53-FBAA-975E-DB71CD36FC73} => Key not found. 
    "C:\Windows\system32\rehvk.dll" => File/Directory not found.
     
    ==== End of Fixlog 12:49:18 ====
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
    Ran by Samantha at 2015-01-23 12:50:33
    Running from C:\Users\Samantha\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
    Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
    Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
    Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
    Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
    Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    BitPim 1.0.7 (HKLM-x32\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.7 - Joe Pham <[email protected]>)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version:  - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
    HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
    HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{54F0ED3B-BD05-4B41-BCFC-E03FE2DDFF1D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
    HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
    HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
    Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
    Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
    Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0903 - Intel Corporation)
    Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
    iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
    Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Livescribe Connect (HKLM-x32\...\com.livescribe.LivescribeConnect) (Version: 1.2.1.58498 - Livescribe Inc)
    Livescribe Connect (x32 Version: 1.2.1 - Livescribe Inc) Hidden
    Livescribe Desktop (HKLM-x32\...\Livescribe Desktop 2.8.3) (Version: 2.8.3 - Livescribe Inc)
    LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)
    Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
    Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
    Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
    Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
    RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Symantec Endpoint Protection (HKLM\...\{73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1}) (Version: 11.0.6100.645 - Symantec Corporation)
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
    WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    07-01-2015 11:35:28 Windows Update
    11-01-2015 12:42:08 Windows Update
    21-01-2015 13:33:48 Scheduled Checkpoint
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:34 - 2012-04-24 20:22 - 00001367 ____N C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1                               adobe.activate.com 
     
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {0283F451-6E40-4426-B2E6-B987DC8416A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
    Task: {14AD4929-5E83-431C-B598-38C5908B1D3C} - System32\Tasks\{1E2B76E7-41E5-42F1-8FF8-A2D53B92F3CF} => Firefox.exe http://ui.skype.com/...all?page=tsMain
    Task: {192A8ACF-A545-4977-8F79-EC81ADF4B978} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {22F2F3C0-1247-40E8-84E4-B4DA081A0716} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
    Task: {2A099BD9-A0AF-4F30-820D-06EABCD824F8} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {428D142F-2D00-41A3-9D9D-85FF2E9CC8E1} - System32\Tasks\{1F2CAC40-58A7-41DE-836E-0533BE2EA200} => pcalua.exe -a "C:\Users\Samantha\Downloads\ADOBE CS4 MASTER SUITE\ADOBE CREATIVE SUITE 4 MASTER COLLECTION________thethingy\CS4 Master Collection\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
    Task: {461D96A1-0E6C-4304-BE18-0E42ECFBD742} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
    Task: {836206B3-E63C-4B9A-A5B6-443CDC3DEC5A} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {A4BA6E63-BD5A-4FB4-BFCF-1D1D5413D522} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
    Task: {C98FE523-E31C-434A-8BF9-A94E1C52607B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-12] (Google Inc.)
    Task: {DFEFB1E6-3635-49B5-9847-BF33E3850DB7} - System32\Tasks\HPCeeScheduleForSamantha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {EE778BB8-5804-4C8F-82EA-7C3C735DCF21} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
    Task: {F0421C2F-18D9-475B-BEF3-72E1BCD0E97B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
    Task: {F4812925-E117-4D90-BB9D-C8E249709CA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-12] (Google Inc.)
    Task: {FE98BF2C-401F-451D-AA03-F090D5EAA8B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForSamantha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-01-28 11:05 - 2011-08-10 01:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
    2011-10-27 18:56 - 2011-10-27 18:56 - 00276992 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
    2014-11-13 23:47 - 2014-11-13 23:47 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
    2012-01-28 11:05 - 2011-05-20 13:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2015-01-21 12:07 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
    2015-01-21 12:07 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
    2015-01-21 12:07 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
    2015-01-21 12:07 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
    MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-4012845451-3923464390-434844083-500 - Administrator - Disabled)
    Guest (S-1-5-21-4012845451-3923464390-434844083-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4012845451-3923464390-434844083-1002 - Limited - Enabled)
    Samantha (S-1-5-21-4012845451-3923464390-434844083-1001 - Administrator - Enabled) => C:\Users\Samantha
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/21/2015 00:11:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 90080108
     
    Error: (01/21/2015 11:42:36 AM) (Source: SescLU) (EventID: 13) (User: )
    Description: LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
     
    Error: (01/13/2015 11:01:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
     
    System errors:
    =============
    Error: (01/21/2015 11:42:35 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {03E0E6C2-363B-11D3-B536-00902771A435}
     
    Error: (01/13/2015 11:02:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     
    Error: (01/13/2015 11:01:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Defender service terminated with the following error: 
    %%126
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/06/2014 09:31:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6707.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1463 seconds with 60 seconds of active time.  This session ended with a crash.
     
    Error: (10/27/2014 03:39:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12289 seconds with 3300 seconds of active time.  This session ended with a crash.
     
    Error: (11/20/2013 08:50:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 590961 seconds with 28560 seconds of active time.  This session ended with a crash.
     
    Error: (09/21/2013 00:02:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2313 seconds with 1860 seconds of active time.  This session ended with a crash.
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2013-11-05 18:24:30.063
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-11-05 18:24:29.998
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-10-01 18:05:59.500
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-10-01 18:05:59.429
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-18 19:52:20.392
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-18 19:52:20.332
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-07 14:16:19.691
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-07 14:16:19.631
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-07 14:15:00.401
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-07 14:15:00.351
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
    Percentage of memory in use: 34%
    Total physical RAM: 8139.86 MB
    Available physical RAM: 5300.57 MB
    Total Pagefile: 16277.9 MB
    Available Pagefile: 13093.04 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:673.19 GB) (Free:149.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery) (Fixed) (Total:21.28 GB) (Free:2.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5886C2AB)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=673.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
     
    ==================== End Of Log ============================
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by Samantha (administrator) on SAMANTHA-HP on 23-01-2015 12:49:59
    Running from C:\Users\Samantha\Downloads
    Loaded Profiles: Samantha (Available profiles: Samantha)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
    HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2010-10-11] (Symantec Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [EPSON Stylus Photo 1400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBUA.EXE [213504 2007-08-02] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [EPSON Stylus CX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE [209408 2007-02-15] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [EPSON Stylus CX7400 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE [209408 2007-02-15] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\Run: [GoogleChromeAutoLaunch_EDAEA16D39FC2441458D534C4A684548] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: {1e3fb9a0-879f-11e4-a020-082e5f8576b6} - G:\MotorolaDeviceManagerSetup.exe -a
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: {207c0b5f-2066-11e3-bdf6-082e5f8576b6} - "G:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: {9885f25f-29d3-11e3-b48e-082e5f8576b6} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: {d92e87ac-66e3-11e1-b574-082e5f8576b6} - G:\TL-Bootstrap.exe
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\...\MountPoints2: {f3fadb6a-7861-11e2-b233-082e5f8576b6} - H:\MotorolaDeviceManagerSetup.exe -a
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-4012845451-3923464390-434844083-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    SearchScopes: HKLM -> {90EF5819-E2B6-46A6-8730-753BF2FD106A} URL = http://www.amazon.co...s={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    SearchScopes: HKLM-x32 -> {90EF5819-E2B6-46A6-8730-753BF2FD106A} URL = http://www.amazon.co...s={searchTerms}
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    SearchScopes: HKU\S-1-5-21-4012845451-3923464390-434844083-1001 -> {90EF5819-E2B6-46A6-8730-753BF2FD106A} URL = http://www.amazon.co...s={searchTerms}
    SearchScopes: HKU\S-1-5-21-4012845451-3923464390-434844083-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\2qxe28tk.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\2qxe28tk.default\user.js
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: IE Tab + - C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\2qxe28tk.default\Extensions\[email protected] [2013-12-08]
    FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-11-11]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-12]
    CHR Extension: (Google Docs) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-12]
    CHR Extension: (Google Drive) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-12]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-12]
    CHR Extension: (YouTube) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-12]
    CHR Extension: (Google Search) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-12]
    CHR Extension: (Website Logon) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2014-12-12]
    CHR Extension: (Google Sheets) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-12]
    CHR Extension: (Google Wallet) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]
    CHR Extension: (Gmail) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-12]
    CHR HKLM-x32\...\Chrome\Extension: [${CHROME_KEY}] - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2009-06-08] (Adobe Systems Incorporated)
    R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-10-11] (Symantec Corporation)
    R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-10-11] (Symantec Corporation)
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
    S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
    R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe) [File not signed]
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3234848 2010-10-11] (Symantec Corporation)
    S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [425800 2010-10-11] (Symantec Corporation)
    R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1832072 2010-10-11] (Symantec Corporation)
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
    S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-13] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\eng64.sys [129752 2014-11-17] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\ex64.sys [2137304 2014-11-17] (Symantec Corporation)
    S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-10-27] (Windows ® Win 7 DDK provider)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
    R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [447536 2010-10-11] (Symantec Corporation)
    R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [447536 2010-10-11] (Symantec Corporation)
    S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2010-10-11] (Symantec Corporation)
    S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482352 2010-10-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-10-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2010-10-11] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2012-02-19] (Symantec Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies) [File not signed]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-23 12:47 - 2015-01-23 12:47 - 00000000 ____D () C:\Users\Samantha\Downloads\FRST-OlderVersion
    2015-01-14 16:43 - 2015-01-14 16:44 - 00012655 _____ () C:\Users\Samantha\Downloads\System Idle Process.txt
    2015-01-14 16:39 - 2015-01-14 16:39 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Samantha\Downloads\procexp.exe
    2015-01-13 23:36 - 2015-01-13 23:36 - 00002372 _____ () C:\VEW.txt
    2015-01-13 23:35 - 2015-01-13 23:35 - 00061440 _____ ( ) C:\Users\Samantha\Downloads\VEW.exe
    2015-01-13 23:35 - 2015-01-13 23:35 - 00040368 _____ () C:\Users\Samantha\Desktop\junk.txt
    2015-01-13 23:12 - 2015-01-13 23:13 - 00001205 _____ () C:\Users\Samantha\Desktop\cmd - Shortcut.lnk
    2015-01-13 22:34 - 2015-01-13 22:34 - 00036688 _____ () C:\Users\Samantha\Downloads\Addition.txt
    2015-01-13 22:33 - 2015-01-23 12:50 - 00024778 _____ () C:\Users\Samantha\Downloads\FRST.txt
    2015-01-13 22:32 - 2015-01-23 12:47 - 02126848 _____ (Farbar) C:\Users\Samantha\Downloads\FRST64.exe
    2015-01-13 22:31 - 2015-01-13 22:31 - 00025334 _____ () C:\Users\Samantha\Desktop\download.htm
    2015-01-13 22:29 - 2015-01-13 22:29 - 00002234 _____ () C:\Users\Samantha\Desktop\fixlist.txt
    2015-01-12 13:10 - 2015-01-23 12:50 - 00000000 ____D () C:\FRST
    2015-01-12 13:10 - 2015-01-12 13:11 - 00034324 _____ () C:\Users\Samantha\Desktop\Addition.txt
    2015-01-12 13:10 - 2015-01-12 13:11 - 00031785 _____ () C:\Users\Samantha\Desktop\FRST.txt
    2015-01-12 13:08 - 2015-01-12 13:08 - 00003402 _____ () C:\Users\Samantha\Desktop\JRT.txt
    2015-01-12 13:05 - 2015-01-12 13:05 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-12 12:04 - 2015-01-12 12:04 - 00005605 _____ () C:\Users\Samantha\Desktop\AdwCleaner[S0].txt
    2015-01-12 11:45 - 2015-01-13 22:36 - 00002324 _____ () C:\Windows\PFRO.log
    2015-01-12 11:34 - 2015-01-12 11:34 - 02124288 _____ (Farbar) C:\Users\Samantha\Desktop\FRST64.exe
    2015-01-12 11:32 - 2015-01-12 11:33 - 01707939 _____ (Thisisu) C:\Users\Samantha\Desktop\JRT.exe
    2015-01-12 11:29 - 2015-01-12 11:44 - 00000000 ____D () C:\AdwCleaner
    2015-01-12 11:21 - 2015-01-12 11:22 - 02191360 _____ () C:\Users\Samantha\Desktop\AdwCleaner.exe
    2015-01-11 13:06 - 2015-01-11 13:06 - 00602112 _____ (OldTimer Tools) C:\Users\Samantha\Downloads\OTL.scr
    2015-01-11 13:05 - 2015-01-11 13:06 - 00128292 _____ () C:\Users\Samantha\Desktop\1st OTL.Txt
    2015-01-11 13:03 - 2015-01-11 13:03 - 00102816 _____ () C:\Users\Samantha\Downloads\Extras.Txt
    2015-01-11 13:02 - 2015-01-11 13:13 - 00127312 _____ () C:\Users\Samantha\Downloads\OTL.Txt
    2015-01-11 12:40 - 2015-01-11 12:41 - 00602112 _____ (OldTimer Tools) C:\Users\Samantha\Downloads\OTL.exe
    2015-01-07 12:31 - 2015-01-07 12:31 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Samantha\Downloads\SpyHunter-Installer.exe
    2015-01-07 11:33 - 2015-01-07 11:33 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-01-07 11:24 - 2015-01-13 22:59 - 00000392 _____ () C:\Windows\setupact.log
    2015-01-07 11:24 - 2015-01-07 11:24 - 00000000 _____ () C:\Windows\setuperr.log
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-23 12:10 - 2014-12-12 14:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-23 12:03 - 2014-12-12 14:52 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-23 12:03 - 2014-12-09 13:07 - 00402669 _____ () C:\Windows\WindowsUpdate.log
    2015-01-23 12:03 - 2013-01-10 10:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-23 11:13 - 2012-02-17 14:55 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CD2197DE-87B4-483E-86D5-CF6E04595018}
    2015-01-21 12:07 - 2014-12-12 14:53 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-21 12:07 - 2014-12-12 14:53 - 00002183 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
    2015-01-20 15:54 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-13 23:09 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-13 23:09 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-13 23:04 - 2014-05-29 10:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-13 23:01 - 2012-12-06 15:18 - 00000000 ____D () C:\Temp
    2015-01-13 22:59 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-13 22:19 - 2012-02-17 20:08 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-01-13 21:57 - 2013-01-10 10:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-13 21:57 - 2012-03-31 10:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-13 21:57 - 2011-11-09 23:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-11 12:41 - 2014-12-11 13:41 - 00000000 ___HD () C:\Users\Samantha\AppData\Local\NPE
    2015-01-11 12:29 - 2012-03-03 22:13 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSamantha
    2015-01-11 12:29 - 2012-03-03 22:13 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForSamantha.job
    2015-01-07 12:28 - 2012-03-24 20:08 - 00197120 ___SH () C:\Users\Samantha\Thumbs.db
    2015-01-07 12:15 - 2014-12-11 13:46 - 00000000 ____D () C:\NPE
    2015-01-07 11:25 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-25 09:52 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
     
    ==================== Files in the root of some directories =======
    2012-09-08 20:18 - 2013-01-10 20:46 - 0007606 ____H () C:\Users\Samantha\AppData\Local\Resmon.ResmonCfg
     
    Some content of TEMP:
    ====================
    C:\Users\Samantha\AppData\Local\Temp\jre-8u31-windows-au.exe
     
     
    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\vbnwnb.dll
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-21 13:26
     
    ==================== End Of Log ============================

    • 0

    #10
    RKinner
    Posted 23 January 2015 - 01:45 PM

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 7 Update 65 
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    Are you having any problems now?  

    • 0

    #11
    sabay22
    Posted 03 February 2015 - 12:20 PM

    sabay22

      New Member

    • Topic Starter
    • Member
    • Pip
    • 7 posts

    It still says the Trojan.gen.2 is still there.


    • 0

    #12
    RKinner
    Posted 03 February 2015 - 04:37 PM

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP
     
    Download aswMBR.exe  to your desktop.
    Right click aswMBR.exe and Run as Administrator
    uncheck trace disk IO calls
    Click the "Scan" button to start scan (Accept the Avast Engine)
    On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
    If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
     
    ComboFix
     
    :!: It must be saved to your desktop, do not run it from your browser:!:
     
    :!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
     
    :!: Turn off your screen saver so you can see what is going on
     
    Download and Save this file --  to your Desktop -- from either of these two sources:
     
    Rightclick on ComboFix and select Run As Administrator to start the program.  
     
     
     
        * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
        
        
        * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
     
    Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
    You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
    If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
    If you get an error about a registry value when you try to run a program, then just reboot to clear it.
     
    Download TDSSKiller:
    Save it to your desktop then run it by right clicking and Run As Admin.
     
     
    If TDSSKiller alerts you that the system needs to reboot, please consent.
     
    Run TDSSKiller again but this time:
    before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.
    In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
    When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

    • 0

    #13
    sabay22
    Posted 12 February 2015 - 10:19 AM

    sabay22

      New Member

    • Topic Starter
    • Member
    • Pip
    • 7 posts

    Symantec will not let me disable. here is the log for asw

     

    aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
    Run date: 2015-02-11 10:14:40
    -----------------------------
    10:14:40.856    OS Version: Windows x64 6.1.7601 Service Pack 1
    10:14:40.856    Number of processors: 8 586 0x2A07
    10:14:40.856    ComputerName: SAMANTHA-HP  UserName: Samantha
    10:14:43.937    Initialize success
    10:14:43.943    VM: initialized successfully
    10:14:43.946    VM: Intel CPU BiosDisabled 
    10:30:53.656    AVAST engine defs: 15021100
    10:33:32.007    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    10:33:32.012    Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
    10:33:32.182    Disk 0 MBR read successfully
    10:33:32.188    Disk 0 MBR scan
    10:33:32.216    Disk 0 Windows 7 default MBR code
    10:33:32.279    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          199 MB offset 2048
    10:33:32.288    Disk 0 default boot code
    10:33:32.354    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       689350 MB offset 409600
    10:33:32.426    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS        21791 MB offset 1412198400
    10:33:32.475    Disk 0 Partition 4 00     0C      FAT32 LBA MSDOS5.0     4062 MB offset 1456826368
    10:33:32.663    Disk 0 scanning C:\Windows\system32\drivers
    10:33:57.576    Service scanning
    10:35:37.088    Modules scanning
    10:35:41.799    AVAST engine scan C:\Windows
    10:35:49.824    AVAST engine scan C:\Windows\system32
    10:45:10.920    AVAST engine scan C:\Windows\system32\drivers
    10:46:01.080    AVAST engine scan C:\Users\Samantha
    11:09:05.745    Disk 0 MBR has been saved successfully to "C:\Users\Samantha\Desktop\MBR.dat"
    11:09:05.748    The log file has been saved successfully to "C:\Users\Samantha\Desktop\aswMBR.txt"

    • 0

    #14
    RKinner
    Posted 12 February 2015 - 11:46 AM

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Looks clean.


    • 0
    Back to Virus, Spyware, Malware Removal · Next Unread Topic →




    Similar Topics


    Also tagged with one or more of these keywords: virus, trojan, removal

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    1. Geeks to Go Community
    2. Security
    3. Virus, Spyware, Malware Removal

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP