
my computer is invested with genieo virus, browser change from differe


  • This topic is locked

#1
lamondray


Computer is infested with Genieo virus which changes my browser from a lot of differents, and my print looks funny and small. I also did HijackThis and ordered McAfee antivirus, which did not remove this Genieo thing. Attached is the

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Bonnie (administrator) on BONNIE-PC on 21-03-2015 14:53:52
Running from C:\Users\Bonnie\Downloads
Loaded Profiles: Bonnie (Available profiles: Bonnie & Guest)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(Malwarebytes Corp.) C:\Users\Bonnie\Downloads\mbar-1.09.1.1004.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\Bonnie\Desktop\mbar\mbar.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKLM-x32\...\RunOnce: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26166552 2015-03-19] (SlimWare Utilities, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\...\Run: [ISUSPM] => "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\...\MountPoints2: {bb9fb75c-7df2-11e2-b6a8-002197cb408f} - G:\LGAutoRun.exe
IFEO\svchostc.exe: [Debugger] svchost.exe
IFEO\svchosts.exe: [Debugger] svchost.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.netzer...urce=minisearch
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.netzer...urce=minisearch
URLSearchHook: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {7BBFCCA2-89C0-4322-9D81-5AD815F310C9} URL = http://search.live.c...ms}&FORM=HPDTDF
SearchScopes: HKLM -> {7BBFCCA2-89C0-4322-9D81-5AD815F310C9} URL = http://search.live.c...ms}&FORM=HPDTDF
SearchScopes: HKLM -> {AC4A402C-FDE2-404E-9078-682CAA7E97D7} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM-x32 -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...hromesbox-en-us
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...hromesbox-en-us
SearchScopes: HKLM-x32 -> {7BBFCCA2-89C0-4322-9D81-5AD815F310C9} URL = http://search.live.c...ms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> {AC4A402C-FDE2-404E-9078-682CAA7E97D7} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 -> DefaultScope {C7EAE6FD-8533-49F1-93DA-D92D6596EA76} URL = http://www.google.co...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 -> {7BBFCCA2-89C0-4322-9D81-5AD815F310C9} URL =
SearchScopes: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 -> {AC4A402C-FDE2-404E-9078-682CAA7E97D7} URL =
SearchScopes: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 -> {C7EAE6FD-8533-49F1-93DA-D92D6596EA76} URL = http://www.google.co...?q={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-08-29] (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-08-29] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28] (Microsoft Corp.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect1262.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2015-02-27] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-08-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-29] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2014-05-14] ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll [2015-03-03] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-03-19]

Chrome:
=======
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20140104,20033,0,18,0
CHR StartupUrls: Default -> "hxxp://xfinity.comcast.net/?cid=insDate01282013", "hxxp://yahoo.genieo.com/?v=w3i8"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Surf Canyon) - C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem [2012-07-25]
CHR Extension: (YouTube) - C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-13]
CHR Extension: (Google Search) - C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-13]
CHR Extension: (Yahoo Extension) - C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-01-20]
CHR Extension: (SiteAdvisor) - C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Google Wallet) - C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-29]
CHR Extension: (Gmail) - C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Chrome\surfcanyon.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0204721426902391mcinstcleanup; C:\Windows\TEMP\020472~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Agere Systems)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-10-22] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [244504 2015-03-19] (SlimWare Utilities, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [103936 2012-07-04] (LG Electronics Inc.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-20] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-20] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [900608 2009-08-03] (Ralink Technology Corp.)
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-07-21] (NVIDIA Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-03-20] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 14:53 - 2015-03-21 14:54 - 00024527 _____ () C:\Users\Bonnie\Downloads\FRST.txt
2015-03-21 14:52 - 2015-03-21 14:54 - 00000000 ____D () C:\FRST
2015-03-21 14:52 - 2015-03-21 14:52 - 02095616 _____ (Farbar) C:\Users\Bonnie\Downloads\FRST64.exe
2015-03-21 14:50 - 2015-03-21 14:51 - 01135104 _____ (Farbar) C:\Users\Bonnie\Downloads\FRST.exe
2015-03-20 21:43 - 2015-03-20 22:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-20 21:42 - 2015-03-20 21:43 - 00000000 ____D () C:\Users\Bonnie\Desktop\mbar
2015-03-20 21:39 - 2015-03-20 21:43 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Bonnie\Downloads\mbar-1.09.1.1004.exe
2015-03-20 21:34 - 2015-03-20 21:34 - 00001864 _____ () C:\Users\Public\Desktop\SlimCleaner Plus.lnk
2015-03-20 21:34 - 2015-03-20 21:34 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Downloaded Installers
2015-03-20 21:34 - 2015-03-20 21:34 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2015-03-20 21:34 - 2015-03-20 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
2015-03-20 21:34 - 2015-03-20 21:34 - 00000000 ____D () C:\Program Files\SlimService
2015-03-20 21:34 - 2015-03-20 21:34 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2015-03-20 21:33 - 2015-03-20 21:33 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-03-20 21:33 - 2015-03-20 21:33 - 00003346 _____ () C:\Windows\System32\Tasks\DriverUpdate Scan
2015-03-20 21:33 - 2015-03-20 21:33 - 00002848 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2015-03-20 21:33 - 2015-03-20 21:33 - 00000474 _____ () C:\Windows\Tasks\DriverUpdate Scan.job
2015-03-20 21:33 - 2015-03-20 21:33 - 00000420 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2015-03-20 21:33 - 2015-03-20 21:33 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-03-20 21:33 - 2015-03-20 21:33 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\SlimWare Utilities Inc
2015-03-20 21:33 - 2015-03-20 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2015-03-20 21:33 - 2015-03-20 21:33 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-03-20 19:51 - 2015-03-20 19:51 - 00787140 _____ (Generic ) C:\Users\Bonnie\Downloads\DownloadManagerSetup.exe
2015-03-20 19:46 - 2015-03-21 07:18 - 00002521 _____ () C:\Users\Bonnie\Desktop\HiJackThis.lnk
2015-03-20 19:46 - 2015-03-20 19:46 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-03-20 19:46 - 2015-03-20 19:46 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-03-20 19:44 - 2015-03-20 19:44 - 01402880 _____ () C:\Users\Bonnie\Downloads\HiJackThis.msi
2015-03-19 23:24 - 2015-03-19 23:24 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2015-03-19 22:14 - 2015-03-20 21:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 22:12 - 2015-03-20 21:43 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-19 22:12 - 2015-03-19 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-19 22:12 - 2015-03-19 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-19 22:12 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-19 22:12 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-19 22:10 - 2015-03-19 22:10 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Bonnie\Downloads\mbam-setup-2.1.4.1018 (1).exe
2015-03-19 22:09 - 2015-03-19 22:10 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Bonnie\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-19 21:45 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-03-19 21:36 - 2015-03-19 21:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bonnie\Downloads\HijackThis (3).exe
2015-03-19 21:36 - 2015-03-19 21:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bonnie\Downloads\HijackThis (2).exe
2015-03-19 21:36 - 2015-03-19 21:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bonnie\Downloads\HijackThis (1).exe
2015-03-19 21:32 - 2015-03-19 21:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bonnie\Downloads\HijackThis.exe
2015-03-19 21:19 - 2015-03-19 21:20 - 00000470 _____ () C:\Windows\wininit.ini
2015-03-19 21:09 - 2015-03-19 21:09 - 00000000 _____ () C:\autoexec.bat
2015-03-19 21:06 - 2015-03-19 21:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-19 21:05 - 2015-03-19 21:05 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Bonnie\Downloads\SpyHunter-Installer (1).exe
2015-03-19 21:04 - 2015-03-19 21:04 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Bonnie\Downloads\SpyHunter-Installer.exe
2015-03-19 20:36 - 2015-03-19 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-19 20:33 - 2015-03-19 20:36 - 00001713 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2015-03-19 20:31 - 2015-03-20 21:46 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-19 20:31 - 2015-03-19 20:33 - 00000000 ____D () C:\Program Files\McAfee
2015-03-19 20:31 - 2015-03-19 20:31 - 00000000 ____D () C:\Program Files\McAfee.com
2015-03-19 20:31 - 2015-03-19 20:31 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2015-03-19 20:23 - 2015-03-19 20:24 - 00000000 ____D () C:\Program Files\stinger
2015-03-19 20:22 - 2015-03-19 21:44 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-19 20:22 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-03-19 20:21 - 2015-03-19 20:21 - 05157536 _____ (McAfee, Inc.) C:\Users\Bonnie\Downloads\Setup_serial_zmoABI3WYCe6NzJRltMd7g2_key.exe
2015-03-19 19:36 - 2015-03-19 19:36 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Citrix
2015-03-19 19:36 - 2015-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-03-16 03:02 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-16 03:02 - 2015-02-17 21:42 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-15 20:08 - 2015-02-21 15:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-15 20:08 - 2015-02-21 15:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-15 20:08 - 2015-02-21 15:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-15 20:08 - 2015-02-21 15:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-15 20:08 - 2015-02-21 14:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-15 20:08 - 2015-02-21 14:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-15 20:08 - 2015-02-21 14:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-15 20:08 - 2015-02-21 14:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-15 20:08 - 2015-02-21 14:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-15 20:08 - 2015-02-21 14:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-15 20:08 - 2015-02-21 14:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-15 20:08 - 2015-02-21 14:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-15 20:08 - 2015-02-21 14:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-15 20:08 - 2015-02-21 14:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-15 20:08 - 2015-02-21 14:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-15 20:08 - 2015-02-21 14:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-15 20:08 - 2015-02-21 14:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-15 20:08 - 2015-02-21 14:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-15 20:08 - 2015-02-21 14:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-15 20:08 - 2015-02-21 14:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-15 20:08 - 2015-02-21 14:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-15 20:08 - 2015-02-21 14:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-15 20:08 - 2015-02-21 13:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-15 20:08 - 2015-02-21 13:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-15 20:08 - 2015-02-21 13:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-15 20:08 - 2015-02-21 13:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-15 20:08 - 2015-02-21 13:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-15 20:08 - 2015-02-21 13:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-15 20:08 - 2015-02-21 13:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-15 20:08 - 2015-02-21 13:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-15 20:08 - 2015-02-21 13:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-15 20:08 - 2015-02-21 13:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-15 20:08 - 2015-02-21 13:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-15 20:08 - 2015-02-21 13:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-15 20:08 - 2015-02-21 13:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-15 20:08 - 2015-02-21 13:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-15 20:08 - 2015-02-21 13:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-15 20:08 - 2015-02-21 13:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-15 20:08 - 2015-02-21 13:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-15 20:08 - 2015-02-21 13:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-15 20:08 - 2015-02-21 13:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-15 20:08 - 2015-02-21 13:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-15 20:08 - 2015-02-21 13:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-15 20:08 - 2015-02-21 13:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-14 03:05 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-14 03:05 - 2015-02-19 21:44 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-14 03:05 - 2015-02-19 20:39 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-14 03:05 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-14 03:05 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-03-14 03:05 - 2014-10-12 20:56 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-14 03:04 - 2015-02-25 20:31 - 02792960 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-14 03:04 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-14 03:04 - 2015-01-28 21:33 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-14 03:04 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-14 03:04 - 2015-01-20 21:42 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-14 03:03 - 2015-02-25 21:40 - 04692408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-14 03:03 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-14 03:03 - 2015-01-28 21:33 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-14 03:03 - 2015-01-08 21:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-14 03:03 - 2015-01-08 20:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-14 03:01 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-14 03:01 - 2015-03-05 23:35 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-07 19:45 - 2015-03-07 19:45 - 00001918 _____ () C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
2015-03-07 19:42 - 2015-03-07 19:44 - 33486880 _____ (eBay Inc. ) C:\Users\Bonnie\Downloads\setupUS.exe
2015-03-06 16:10 - 2015-03-06 21:09 - 00000000 ____D () C:\Users\Bonnie\Desktop\2015-03-06
2015-03-03 20:21 - 2015-03-03 20:21 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-02-27 04:36 - 2014-12-07 21:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-27 04:36 - 2014-12-07 21:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-27 04:25 - 2014-11-25 22:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-27 04:25 - 2014-11-25 21:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-27 04:24 - 2014-12-18 20:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-27 04:24 - 2014-08-22 21:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-02-27 04:24 - 2014-08-22 20:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-02-27 04:22 - 2014-11-03 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-27 04:22 - 2014-11-03 20:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-27 04:21 - 2014-08-11 22:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-02-27 04:21 - 2014-08-11 22:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-02-27 04:14 - 2014-10-23 21:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-27 04:14 - 2014-10-23 20:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-27 04:14 - 2014-06-15 18:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-02-27 04:14 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-02-27 04:14 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-02-27 04:14 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-02-27 04:14 - 2014-06-13 13:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-02-27 04:14 - 2014-06-13 13:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-02-27 04:11 - 2014-10-09 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-02-27 04:11 - 2014-10-09 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-27 04:11 - 2014-10-09 21:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-27 04:11 - 2014-10-09 19:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-27 04:11 - 2014-10-09 19:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-27 04:08 - 2014-06-26 18:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-02-27 04:08 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-02-27 04:08 - 2014-06-26 18:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-02-27 04:08 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-02-27 04:08 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-02-27 04:08 - 2014-06-26 18:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-02-27 04:07 - 2014-06-06 00:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-02-27 04:07 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-02-27 04:06 - 2014-10-02 21:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-02-27 04:06 - 2014-10-02 21:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-02-27 04:06 - 2014-10-02 21:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-02-27 04:06 - 2014-10-02 21:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-27 04:06 - 2014-10-02 21:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-27 04:06 - 2014-10-02 21:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-27 04:06 - 2014-10-02 21:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-27 04:06 - 2014-10-02 19:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2015-02-27 04:04 - 2014-12-05 23:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-27 04:04 - 2014-12-05 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-27 04:04 - 2014-12-05 22:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-27 04:04 - 2014-12-05 22:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-27 04:03 - 2014-12-05 22:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-27 04:03 - 2014-10-23 21:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-02-27 04:03 - 2014-10-23 20:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-27 04:03 - 2014-09-04 19:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-02-27 04:03 - 2014-08-26 20:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-27 04:03 - 2014-08-26 20:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-02-27 04:03 - 2014-08-26 20:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-27 04:03 - 2014-08-26 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-02-27 04:02 - 2015-01-15 02:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-27 04:02 - 2015-01-15 00:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-27 04:02 - 2014-10-09 21:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-26 16:08 - 2014-06-13 20:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-02-26 16:08 - 2014-06-13 20:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-02-26 16:07 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-02-26 16:07 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-02-26 16:07 - 2014-06-02 17:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-02-26 16:07 - 2014-06-02 17:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-02-26 16:07 - 2014-06-02 17:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-02-26 16:07 - 2014-06-02 16:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-02-26 16:07 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-02-26 16:07 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-02-26 16:07 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-02-23 14:25 - 2015-02-23 14:25 - 00001863 _____ () C:\WildTangent Games App - hp.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 14:39 - 2011-03-16 08:31 - 01290927 _____ () C:\Windows\WindowsUpdate.log
2015-03-21 14:35 - 2012-07-13 20:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-21 14:34 - 2013-02-14 21:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-21 14:13 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-21 14:13 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-21 10:40 - 2015-01-21 22:16 - 00001947 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 22:36 - 2012-07-13 20:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-20 20:12 - 2008-01-20 23:26 - 00614914 _____ () C:\Windows\PFRO.log
2015-03-20 20:12 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 20:11 - 2006-11-02 11:42 - 00032532 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-20 20:10 - 2011-03-18 21:25 - 00000456 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-03-20 20:08 - 2011-04-21 19:59 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-20 20:08 - 2009-03-09 18:52 - 00000000 ____D () C:\ProgramData\Norton
2015-03-20 16:55 - 2009-03-09 18:59 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
2015-03-20 16:55 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 16:25 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\IME
2015-03-20 02:27 - 2011-03-16 08:40 - 00003194 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBonnie
2015-03-20 02:27 - 2011-03-16 08:40 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForBonnie.job
2015-03-20 00:42 - 2012-08-29 16:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-19 22:24 - 2011-03-16 08:41 - 00000955 _____ () C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-03-19 22:24 - 2011-03-16 08:41 - 00000945 _____ () C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-19 22:24 - 2011-03-16 08:40 - 00000921 _____ () C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-03-19 22:12 - 2012-04-21 08:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 21:20 - 2014-01-20 19:56 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-03-19 21:20 - 2014-01-20 19:56 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-03-19 20:05 - 2011-03-16 08:42 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-19 17:02 - 2006-11-02 11:27 - 00157654 _____ () C:\Windows\setupact.log
2015-03-19 07:34 - 2013-02-14 21:40 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-19 07:34 - 2013-02-14 21:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-19 07:34 - 2013-02-14 21:40 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-19 01:39 - 2013-03-22 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-16 03:03 - 2011-04-09 17:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-16 03:00 - 2006-11-02 08:35 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-15 10:58 - 2011-09-25 17:43 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-14 03:25 - 2006-11-02 11:21 - 00354920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-09 14:21 - 2012-08-01 12:22 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\CrashDumps
2015-03-08 12:48 - 2015-01-16 18:42 - 00000000 ____D () C:\Users\Bonnie\Desktop\dolls
2015-03-07 20:29 - 2015-01-11 18:59 - 00000000 ____D () C:\Users\Bonnie\Desktop\New Folder
2015-03-07 19:48 - 2014-05-27 22:21 - 00001012 _____ () C:\InstallHelper.log
2015-03-07 19:45 - 2014-05-27 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
2015-03-06 17:44 - 2013-02-20 23:22 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Image Zone Express
2015-03-06 17:23 - 2015-01-19 19:16 - 00000000 ____D () C:\Users\Bonnie\Desktop\jan 19
2015-03-03 20:20 - 2012-03-11 16:28 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-02-27 20:17 - 2013-03-03 21:18 - 00000000 ____D () C:\Users\Bonnie\Desktop\STUFFED ANIMALS
2015-02-27 20:09 - 2015-02-02 08:06 - 00000000 ____D () C:\Users\Bonnie\Desktop\2015-02-02
2015-02-27 19:41 - 2014-12-04 20:23 - 00000000 ____D () C:\Users\Bonnie\Desktop\2014-12-04
2015-02-27 18:00 - 2011-03-16 08:43 - 00000004 _____ () C:\Users\Bonnie\AppData\Roaming\wklnhst.dat
2015-02-27 05:14 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2015-02-27 04:56 - 2009-03-09 18:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-27 04:54 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-27 04:13 - 2014-04-19 03:07 - 00752894 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-27 04:06 - 2011-03-29 06:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-26 22:23 - 2014-03-27 16:47 - 00000000 ____D () C:\Users\Bonnie\Desktop\album 3-27-2014
2015-02-23 14:25 - 2013-12-22 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
2015-02-23 14:25 - 2012-03-11 16:28 - 00002112 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2015-02-23 14:25 - 2006-11-02 11:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-23 14:24 - 2015-02-02 19:31 - 00000000 ____D () C:\Users\Bonnie\Desktop\animals on line - Copy
2015-02-23 13:54 - 2014-11-28 17:34 - 00000000 ____D () C:\Users\Bonnie\Desktop\jewerly
2015-02-19 23:30 - 2012-07-13 20:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-19 23:30 - 2012-07-13 20:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2012-03-31 15:50 - 2012-04-15 22:01 - 0003284 _____ () C:\Users\Bonnie\AppData\Roaming\ANIWZCS{A9E1DCA6-ED47-4C15-A59A-F3478961DC1B}
2012-10-27 17:08 - 2012-10-27 17:12 - 0000000 _____ () C:\Users\Bonnie\AppData\Roaming\bibstats
2012-04-15 20:18 - 2012-04-15 20:18 - 0000613 _____ () C:\Users\Bonnie\AppData\Roaming\result.db
2011-03-16 08:43 - 2015-02-27 18:00 - 0000004 _____ () C:\Users\Bonnie\AppData\Roaming\wklnhst.dat
2012-07-13 22:05 - 2014-12-22 10:49 - 0000680 _____ () C:\Users\Bonnie\AppData\Local\d3d9caps.dat
2013-02-23 21:33 - 2014-11-28 18:15 - 0000732 _____ () C:\Users\Bonnie\AppData\Local\d3d9caps64.dat
2013-02-07 23:16 - 2014-12-15 20:38 - 0005120 _____ () C:\Users\Bonnie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-18 18:45 - 2013-03-18 18:45 - 0427802 _____ () C:\Users\Bonnie\AppData\Local\dd_vcredistMSI5BDC.txt
2013-03-18 18:45 - 2013-03-18 18:45 - 0011434 _____ () C:\Users\Bonnie\AppData\Local\dd_vcredistUI5BDC.txt
2012-01-23 19:03 - 2014-01-18 18:31 - 0012398 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Bonnie\AppData\Local\Temp\DefaultAssets.exe
C:\Users\Bonnie\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\Bonnie\AppData\Local\Temp\InstallNorton.exe
C:\Users\Bonnie\AppData\Local\Temp\NLStubInstallerResources.dll
C:\Users\Bonnie\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\Bonnie\AppData\Local\Temp\SCC.dll
C:\Users\Bonnie\AppData\Local\Temp\scp8853.tmp.exe
C:\Users\Bonnie\AppData\Local\Temp\SHSetup.exe
C:\Users\Bonnie\AppData\Local\Temp\SymCCIS.dll
C:\Users\Bonnie\AppData\Local\Temp\SymcPCCUInstaller.exe
C:\Users\Bonnie\AppData\Local\Temp\_PC_DRIVERS_HQAssets.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-21 08:24

==================== End Of Log ============================



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, you appear to have a cracked version of McAfee. I would recommend that you uninstall it, as it is a vector for infection. I can provide links for a free antivirus.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
IFEO\svchostc.exe: [Debugger] svchost.exe
IFEO\svchosts.exe: [Debugger] svchost.exe
URLSearchHook: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
CHR StartupUrls: Default -> "hxxp://xfinity.comcast.net/?cid=insDate01282013", "hxxp://yahoo.genieo.com/?v=w3i8"
2015-03-19 20:21 - 2015-03-19 20:21 - 05157536 _____ (McAfee, Inc.) C:\Users\Bonnie\Downloads\Setup_serial_zmoABI3WYCe6NzJRltMd7g2_key.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

#3
lamondray

    Member

  • Topic Starter
  • 12 posts

hi, thanks for the response

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Bonnie at 2015-03-25 19:50:43 Run:1
Running from C:\Users\Bonnie\Desktop
Loaded Profiles: Bonnie (Available profiles: Bonnie & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
IFEO\svchostc.exe: [Debugger] svchost.exe
IFEO\svchosts.exe: [Debugger] svchost.exe
URLSearchHook: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-733362238-1924327222-3910265676-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
CHR StartupUrls: Default -> "hxxp://xfinity.comcast.net/?cid=insDate01282013", "hxxp://yahoo.genieo.com/?v=w3i8"
2015-03-19 20:21 - 2015-03-19 20:21 - 05157536 _____ (McAfee, Inc.) C:\Users\Bonnie\Downloads\Setup_serial_zmoABI3WYCe6NzJRltMd7g2_key.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe => Key not found.
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
Chrome StartupUrls deleted successfully.
C:\Users\Bonnie\Downloads\Setup_serial_zmoABI3WYCe6NzJRltMd7g2_key.exe => Moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-733362238-1924327222-3910265676-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

========= End of RemoveProxy: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 15.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog 20:00:33 ====


#4
lamondray

    Member

  • Topic Starter
  • 12 posts

# AdwCleaner v4.113 - Logfile created 25/03/2015 at 21:04:21
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Bonnie - BONNIE-PC
# Running from : C:\Users\Bonnie\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16633

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4364 bytes] - [25/03/2015 20:25:17]
AdwCleaner[R1].txt - [4314 bytes] - [25/03/2015 20:36:39]
AdwCleaner[R2].txt - [919 bytes] - [25/03/2015 20:56:10]
AdwCleaner[S0].txt - [3799 bytes] - [25/03/2015 20:44:39]
AdwCleaner[S1].txt - [847 bytes] - [25/03/2015 21:04:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [905  bytes] ##########


#5
lamondray

    Member

  • Topic Starter
  • 12 posts

thank you, i followed your instructions, i hope it works. also you said something about my mcafee being cracked, i just got it about 3 days ago, i will see if i had any trial time and canceled it. hoping to hear from you as fast as you can, thanks


#6
lamondray

    Member

  • Topic Starter
  • 12 posts

# AdwCleaner v4.113 - Logfile created 25/03/2015 at 20:44:39
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Bonnie - BONNIE-PC
# Running from : C:\Users\Bonnie\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\Fighters
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Users\Bonnie\AppData\Roaming\iWin
[!] Folder Deleted : C:\Users\Bonnie\AppData\Roaming\pccustubinstaller
[!] Folder Deleted : C:\Users\Bonnie\Documents\smart pc cleaner
[!] Folder Deleted : C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Bonnie\Desktop\eBay.lnk
File Deleted : C:\Users\Bonnie\Desktop\Free Music Downloads.lnk

***** [ Scheduled tasks ] *****

Task Deleted : driverupdate startup
Task Deleted : LaunchApp

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC4A402C-FDE2-404E-9078-682CAA7E97D7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC4A402C-FDE2-404E-9078-682CAA7E97D7}
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16633

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []

-\\ Google Chrome v

[C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4364 bytes] - [25/03/2015 20:25:17]
AdwCleaner[R1].txt - [4314 bytes] - [25/03/2015 20:36:39]
AdwCleaner[S0].txt - [3652 bytes] - [25/03/2015 20:44:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3711  bytes] ##########


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#8
lamondray

    Member

  • Topic Starter
  • 12 posts

hi, got lost with your instructions and the malware instructions, scared to delete and there was nothing to be quarantined. and it said that no virus was found, totally confused, it showed some small stuff in application logs, it is too much for me to understand. earlier my update after adware computer started trying to install bing and says that navigation has been cancelled. i just paid mcafee for a year but if you have something that i can just purchase that will remove this thing i will have to purchase one that will do that if it will remove this browser stealer. i need to be able to get into internet and be assured. i thank you for your help, please don't leave me hanging, just tell me what you recommend to get this cleaned over.


#9
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is your browser still being hijacked? If so, which browser is it in?

If you could post the Malwarebytes scan log I will have a look at it. No need to quarantine or delete anything yet.

#10
lamondray

    Member

  • Topic Starter
  • 12 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/27/2015
Scan Time: 12:16:26 PM
Logfile: scanlogger.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.27.06
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Bonnie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 445743
Time Elapsed: 24 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

ok my browser keeps jumping to bing


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is just where I removed the bad boy and set it to default. You can reset the homepage and search engine to what you desire.

https://support.goog...nswer/463?hl=en

How is the computer behaving now?

#12
lamondray

    Member

  • Topic Starter
  • 12 posts

ok i added google and it looks like it is doing so good right now. thank you so much.


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa.
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java runtime > Download and install Latest version.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire and forget programme ;)

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.