[amy0299]

Hi,

 

My Firefox and IE are hijacked by hao.360.cn.

 

I've followed a post i foun on the web and follow though but still cannot get rid of it.

http://malwaretips.c...360-cn-removal/

 

Thanks so much in advance for all your help.

 

Amy

[Advertisements]

Hello and welcome to Geeks To Go! My nickname is Pystryker , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

• If you are receiving help for this issue at another forum, please let me know so I can close this thread.
• Please download to and run all requested tools from your Desktop.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
• At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
• If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
• Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
• Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
• Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?


Hello, let's get a look at your system and see what's going on.


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Place a check in the box marked Addition.txt
  
  
• Press the Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

[pystryker]

Hello and welcome to Geeks To Go! My nickname is Pystryker , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

• If you are receiving help for this issue at another forum, please let me know so I can close this thread.
• Please download to and run all requested tools from your Desktop.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
• At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
• If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
• Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
• Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
• Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?


Hello, let's get a look at your system and see what's going on.


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Place a check in the box marked Addition.txt
  
  
• Press the Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

[amy0299]

Hi,

I accidentally unplug the power source and had to restart the laptop. When I open the browser it open with blank page (not open with hao.360.cn anymore).

 

Below is the FRST scan result:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-10-2015

Ran by mnar (administrator) on MNAR-PC (10-10-2015 17:07:31)

Running from C:\Users\mnar\Documents\Downloads

Loaded Profiles: mnar (Available Profiles: mnar)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)

Internet Explorer Version 9 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\2331\g2mstart.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\2331\g2mcomm.exe

(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\2331\g2mlauncher.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\WINDOWS\System32\conime.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2007-08-17] (CyberLink Corp.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\Run: [GoToMeeting] => C:\Program Files\Citrix\GoToMeeting\2331\g2mstart.exe [44400 2015-03-11] (Citrix Online, a division of Citrix Systems, Inc.)

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\MountPoints2: {34175e12-7006-11e3-a4ac-001e680966cd} - F:\menu.exe

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\MountPoints2: {986ebdb4-994c-11db-a541-806e6f6e6963} - E:\DWA642.exe

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\MountPoints2: {e11b0f65-4f2a-11e1-a1c0-806e6f6e6963} - E:\setup.exe

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PPS影~1.SCR [435576 2009-04-14] (www.pps.tv)

ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{C0B87525-2220-45AE-9631-A94D26E4BEAF}: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

SearchScopes: HKLM -> DefaultScope {609366DF-90DA-43A4-A871-3846A98F1E45} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKLM -> {609366DF-90DA-43A4-A871-3846A98F1E45} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKU\S-1-5-21-714856783-1908625882-2316339518-1000 -> DefaultScope {44CBFA09-C5B9-4DA1-9519-C6CFA51B3D4B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-714856783-1908625882-2316339518-1000 -> {44CBFA09-C5B9-4DA1-9519-C6CFA51B3D4B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-714856783-1908625882-2316339518-1000 -> {609366DF-90DA-43A4-A871-3846A98F1E45} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-28] (Google Inc.)

BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-11-23] (Symantec Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)

BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-28] (Google Inc.)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

 

FireFox:

========

FF ProfilePath: C:\Users\mnar\AppData\Roaming\Mozilla\Firefox\Profiles\7qxxgz60.default-1444509213169

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-28] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-02-21] (Adobe Systems, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)

FF Plugin: @pps.tv/npWebPlayer -> C:\Program Files\IQIYI Video\LStyle\npWebPlayer.dll [No File]

FF Plugin: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll [2014-07-18] (Shenzhen QVOD Technology Co.,Ltd)

FF Plugin: @qvod.com/QvodShare -> C:\Program Files\QvodPlayer\npShareModule.dll [2014-06-24] (Shenzhen QVOD Technology Co.,Ltd)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @citrixonline.com/appdetectorplugin -> C:\Users\mnar\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-11] (Citrix Online)

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @pps.tv/npWebPlayer -> C:\Program Files\IQIYI Video\LStyle\npWebPlayer.dll No File

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll [2014-07-18] (Shenzhen QVOD Technology Co.,Ltd)

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\mnar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mnar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: KuaiWanInsert -> C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: none.com/Base -> C:\Program Files\Letv\letvlive\npBase.dll [2014-02-26] (letv)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-04]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Symantec\VIP Access Client

FF Extension: Symantec VIP Access Add-On - C:\Program Files\Symantec\VIP Access Client [2014-03-23]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File

CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll => No File

CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll => No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Profile: C:\Users\mnar\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (AdBlock) - C:\Users\mnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-01]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]

CHR Extension: (Chrome Web Store Payments) - C:\Users\mnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Unblock Youku) - C:\Users\mnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2013-11-01]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1087792 2015-02-18] (Flexera Software LLC)

S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]

S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]

S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

S4 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-09-30] ()

S4 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-09-30] ()

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

S4 VIPAppService; C:\Program Files\Symantec\VIP Access Client\VIPAppService.exe [81552 2012-11-23] (Symantec Corporation)

S4 Vongo Service; C:\Program Files\Vongo\VongoService.exe [176128 2007-08-31] (Starz Entertainment Group LLC) [File not signed]

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

S4 SOSOUpSvc; no ImagePath

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [52280 2014-10-29] (Citrix Systems, Inc.)

S3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [41536 2015-05-14] (Citrix Systems, Inc.)

S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-10-10] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

U4 eabfiltr; no ImagePath

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

U0 Sr; no ImagePath

U2 SrService; no ImagePath

S3 SymIM; system32\DRIVERS\SymIM.sys [X]

S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-10 17:05 - 2015-10-10 17:07 - 00000000 ____D C:\FRST

2015-10-10 17:04 - 2015-10-10 17:04 - 01699328 _____ (Farbar) C:\Users\mnar\Desktop\FRST.exe

2015-10-10 15:53 - 2015-10-10 16:28 - 00000000 ____D C:\ProgramData\HitmanPro

2015-10-10 15:43 - 2015-10-10 16:33 - 00000000 ____D C:\Users\mnar\Desktop\Old Firefox Data

2015-10-10 14:03 - 2015-10-10 14:03 - 00004772 _____ C:\Users\mnar\Desktop\JRT.txt

2015-10-10 13:39 - 2015-10-10 16:49 - 00855090 _____ C:\Windows\PFRO.log

2015-10-09 23:57 - 2015-10-10 16:53 - 00000000 ____D C:\Program Files\Mozilla Firefox

2015-10-09 23:08 - 2015-10-10 13:34 - 00000000 ____D C:\AdwCleaner

2015-10-09 22:49 - 2015-10-09 22:49 - 00000000 ____D C:\ProgramData\AOL

2015-10-09 21:19 - 2015-10-10 16:50 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-10-09 21:19 - 2015-10-09 21:19 - 00000899 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-10-09 21:19 - 2015-10-09 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-10-09 21:18 - 2015-10-09 21:19 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2015-10-09 21:18 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-10-09 21:18 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-09-29 22:06 - 2015-10-10 16:18 - 00000608 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-714856783-1908625882-2316339518-1000.job

2015-09-15 01:03 - 2015-08-13 10:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2015-09-15 01:03 - 2015-08-13 10:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2015-09-15 00:58 - 2015-07-21 16:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-09-15 00:58 - 2015-07-21 12:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-09-15 00:58 - 2015-07-21 12:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-09-15 00:58 - 2015-07-21 12:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys

2015-09-15 00:58 - 2015-07-21 12:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-09-15 00:58 - 2015-07-21 12:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll

2015-09-15 00:58 - 2015-07-21 12:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-09-15 00:58 - 2015-07-21 12:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-09-15 00:57 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2015-09-15 00:49 - 2015-07-31 15:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-09-15 00:46 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2015-09-15 00:46 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe

2015-09-15 00:45 - 2015-06-12 12:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-09-15 00:39 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2015-09-15 00:38 - 2015-07-10 15:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2015-09-15 00:26 - 2015-03-04 22:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-09-15 00:26 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-09-15 00:21 - 2015-07-11 11:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-09-15 00:17 - 2015-07-18 12:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll

2015-09-15 00:13 - 2015-07-10 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-15 00:10 - 2015-09-02 17:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-15 00:10 - 2015-09-02 15:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-15 00:10 - 2015-09-02 15:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-14 23:58 - 2015-08-05 11:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-14 23:48 - 2015-07-10 15:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-09-14 23:48 - 2015-07-10 15:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-09-14 23:44 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll

2015-09-14 23:13 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

2015-09-14 23:12 - 2015-07-31 17:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2015-09-14 23:12 - 2015-07-31 17:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2015-09-14 23:12 - 2015-07-31 17:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2015-09-14 23:12 - 2015-07-31 17:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2015-09-14 23:12 - 2015-07-31 16:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2015-09-14 23:12 - 2015-07-31 16:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2015-09-14 23:12 - 2015-07-31 16:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2015-09-14 23:12 - 2015-07-31 16:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-09-14 23:12 - 2015-07-31 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-09-14 23:06 - 2015-06-27 12:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-09-14 23:06 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-09-14 23:06 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-09-14 23:06 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-09-14 23:06 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-09-14 23:06 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-09-14 23:06 - 2015-06-12 09:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-09-14 23:06 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-09-14 23:06 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-09-14 23:05 - 2015-05-08 19:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-09-14 22:55 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe

2015-09-14 22:55 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe

2015-09-14 22:55 - 2015-07-01 11:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2015-09-14 22:53 - 2015-05-04 18:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-09-14 22:53 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-09-14 22:53 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-09-14 22:53 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-09-14 22:53 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-09-14 12:48 - 2015-08-17 13:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-14 12:48 - 2015-08-17 13:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-14 12:48 - 2015-08-17 13:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-14 12:48 - 2015-08-17 13:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-14 12:48 - 2015-08-17 13:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-14 12:48 - 2015-08-17 13:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-14 12:48 - 2015-08-17 13:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-14 12:48 - 2015-08-17 13:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-09-14 12:48 - 2015-08-17 13:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-09-14 12:48 - 2015-08-17 13:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-09-14 12:48 - 2015-08-17 13:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-10 17:06 - 2012-02-09 18:23 - 00267848 _____ C:\ProgramData\nvModes.001

2015-10-10 17:02 - 2007-12-05 21:26 - 01059370 _____ C:\Windows\WindowsUpdate.log

2015-10-10 16:51 - 2012-02-09 18:23 - 00267848 _____ C:\ProgramData\nvModes.dat

2015-10-10 16:50 - 2012-11-18 12:09 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-10 16:49 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-10-10 16:49 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-10 16:49 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-10-10 16:48 - 2006-11-02 09:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-10-10 16:41 - 2012-11-18 12:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-10 16:35 - 2012-04-08 11:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-10-10 16:18 - 2012-12-21 20:13 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000UA.job

2015-10-10 16:12 - 2015-03-11 09:41 - 00000512 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-714856783-1908625882-2316339518-1000.job

2015-10-10 13:58 - 2006-11-02 07:18 - 00000000 ___RD C:\Users\Public

2015-10-09 21:19 - 2012-03-28 21:42 - 00000000 ____D C:\Users\mnar\AppData\Roaming\Malwarebytes

2015-10-09 21:19 - 2012-03-28 21:42 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-10-09 21:11 - 2012-04-12 21:18 - 00000000 ____D C:\ProgramData\38FDB89C-1EBD-4366-84B2-336D12CC3209

2015-10-09 21:10 - 2014-01-20 20:12 - 00000000 ____D C:\Users\mnar\AppData\Local\Citrix

2015-10-09 21:10 - 2012-04-01 10:08 - 00000000 ____D C:\Program Files\FileHippo.com

2015-10-09 21:02 - 2012-02-04 08:31 - 00000000 ____D C:\Users\mnar\AppData\Roaming\Mozilla

2015-10-09 21:00 - 2015-03-27 13:06 - 00000000 ____D C:\ProgramData\Citrix

2015-10-09 21:00 - 2014-01-20 20:12 - 00000000 ____D C:\Program Files\Citrix

2015-10-08 19:18 - 2012-12-21 20:13 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000Core.job

2015-09-28 20:36 - 2012-04-08 11:23 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-09-28 20:36 - 2012-02-04 08:38 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-09-28 20:08 - 2012-11-18 12:11 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-09-28 19:42 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache

2015-09-28 19:42 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET

2015-09-28 18:49 - 2006-11-02 06:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI

2015-09-28 18:48 - 2012-11-18 12:09 - 00000000 ____D C:\Users\mnar\AppData\Local\Google

2015-09-28 18:40 - 2006-11-02 08:47 - 00318648 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-28 18:37 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer

2015-09-28 18:37 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-15 01:03 - 2007-10-22 16:36 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-09-15 00:55 - 2012-02-03 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-09-15 00:54 - 2012-02-03 13:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-09-15 00:44 - 2012-02-18 09:57 - 00001945 _____ C:\Windows\epplauncher.mif

2015-09-15 00:44 - 2007-01-01 00:25 - 00001826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-09-15 00:43 - 2012-02-18 09:55 - 00000000 ____D C:\Program Files\Microsoft Security Client

2015-09-14 23:36 - 2013-08-15 00:03 - 00000000 ____D C:\Windows\system32\MRT

2015-09-14 18:05 - 2012-03-31 18:14 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2015-09-14 17:58 - 2012-02-02 22:13 - 00000000 ____D C:\Users\mnar\AppData\Roaming\Macromedia

2015-09-14 16:36 - 2012-03-21 07:06 - 00000000 ____D C:\New Folder

 

==================== Files in the root of some directories =======

 

2014-09-18 10:41 - 2015-09-09 18:35 - 0000093 _____ () C:\Users\mnar\AppData\Roaming\ARCompanion.log

2013-07-04 09:04 - 2014-04-13 08:58 - 0000954 _____ () C:\Users\mnar\AppData\Roaming\coreavc.ini

2012-02-03 16:48 - 2012-02-09 17:56 - 0051528 _____ () C:\Users\mnar\AppData\Roaming\nvModes.001

2012-02-03 16:48 - 2012-02-08 16:21 - 0051528 _____ () C:\Users\mnar\AppData\Roaming\nvModes.dat

2012-03-03 10:31 - 2012-04-01 09:39 - 0003384 _____ () C:\Users\mnar\AppData\Roaming\wklnhst.dat

2012-02-02 22:16 - 2012-02-02 22:16 - 0000000 _____ () C:\Users\mnar\AppData\Local\AtStart.txt

2012-02-03 08:57 - 2012-02-28 07:20 - 0006944 _____ () C:\Users\mnar\AppData\Local\d3d9caps.dat

2012-04-02 21:50 - 2014-02-03 21:52 - 0005120 _____ () C:\Users\mnar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-02-02 22:16 - 2012-02-02 22:16 - 0000000 _____ () C:\Users\mnar\AppData\Local\DSwitch.txt

2012-02-19 18:04 - 2013-04-13 14:47 - 0000000 _____ () C:\Users\mnar\AppData\Local\FnF4.txt

2012-02-02 22:16 - 2012-02-02 22:16 - 0000000 _____ () C:\Users\mnar\AppData\Local\QSwitch.txt

2007-10-22 16:40 - 2015-01-01 09:50 - 0005868 _____ () C:\ProgramData\hpzinstall.log

2012-03-30 00:00 - 2014-12-08 09:47 - 0001177 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2012-02-09 18:23 - 2015-10-10 17:06 - 0267848 _____ () C:\ProgramData\nvModes.001

2012-02-09 18:23 - 2015-10-10 16:51 - 0267848 _____ () C:\ProgramData\nvModes.dat

 

Some files in TEMP:

====================

C:\Users\mnar\AppData\Local\Temp\i4j8530738055798330651.exe

C:\Users\mnar\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-10-10 16:59

 

==================== End of FRST.txt ============================

[amy0299]

Here is the Addition log:

 

Thanks!

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-10-2015

Ran by mnar (2015-10-10 17:10:15)

Running from C:\Users\mnar\Documents\Downloads

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2007-12-06 01:28:50)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-714856783-1908625882-2316339518-500 - Administrator - Disabled)

Guest (S-1-5-21-714856783-1908625882-2316339518-501 - Limited - Disabled)

mnar (S-1-5-21-714856783-1908625882-2316339518-1000 - Administrator - Enabled) => C:\Users\mnar

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden

4660_4680_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)

Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)

Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)

Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)

BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden

bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden

Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation)

BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)

CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1002 - CyberLink Corp.)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden

DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden

DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden

DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.)

EA Link (HKLM\...\InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}) (Version: 3.1.1.4 - Electronic Arts)

EA Link (Version: 3.1.1.4 - Electronic Arts) Hidden

ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)

ESU for Microsoft Vista (HKLM\...\{68471BF2-F1F7-4C89-BBBA-400B94996596}) (Version: 2.0.10.1 - Hewlett-Packard)

eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden

FoneSync (HKLM\...\FoneSync) (Version:  - )

Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden

GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)

GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden

Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.)

HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden

Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden

Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden

HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)

HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)

HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)

HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)

HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)

HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)

HP Help and Support (HKLM\...\{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}) (Version: 1.5.1 - Hewlett-Packard)

HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)

HP Officejet All-In-One Series (HKLM\...\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}) (Version: 1.0 - HP)

HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)

HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)

HP QuickPlay 3.6 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )

HP QuickTouch 1.00 C4 (HKLM\...\{7DC4A410-9986-4329-9E5D-687B2C42CA39}) (Version: 1.0.7 - Hewlett-Packard)

HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)

HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)

HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)

HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)

HP User Guides 0087 (HKLM\...\{4D49757C-367A-4333-BDB3-68966162B14E}) (Version: 1.02.0000 - Hewlett-Packard )

HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard)

HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)

HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden

hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden

HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden

J4680 (Version: 50.0.165.000 - Hewlett-Packard) Hidden

Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)

Java™ 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)

Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)

JavaFX 2.0.3 (HKLM\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2128 - CyberLink Corp.)

LAV Filters 0.55.3 (HKLM\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Money 2001 (HKLM\...\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}) (Version: 9.0.0.0 - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Microsoft Works 2001 Setup Launcher (HKLM\...\Works2001Setup) (Version:  - )

Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}) (Version: 2.0.0.0000 - Microsoft Corporation)

Mozilla Firefox 19.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 19.0.2 (x86 en-US)) (Version: 19.0.2 - Mozilla)

MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.9 - Hewlett-Packard)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

muvee autoProducer 6.1 (HKLM\...\{250E9609-E830-43EB-B379-DAB7546A2422}) (Version: 6.10.050 - muvee Technologies)

My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)

NetDeviceManager (Version: 100.0.170.000 - Hewlett-Packard) Hidden

NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)

OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)

Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3327 - CyberLink Corp.)

PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2129 - CyberLink Corp.)

PowerDirector (Version: 6.5.2129 - CyberLink Corp.) Hidden

ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden

PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden

QuickPlay SlingPlayer 0.4.4 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.4 - SlingMedia)

RabbitTV (HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\6c2290d276fa0f0d) (Version: 1.0.0.8 - RabbitTV.com)

Revo Uninstaller Pro 2.5.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )

Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)

Samsung Kies3 (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden

Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden

Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)

Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Slingbox Flash Tour (HKLM\...\{38EAC694-0D90-445F-8C17-8B50ADFE3162}) (Version: 1.0.0 - Sling Media)

SlingPlayer (HKLM\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)

SlingPlayer (Version: 1.04.0206 - Sling Media) Hidden

SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden

SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden

Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Tableau 8.3 (8300.15.0114.2230) (32-bit) (HKLM\...\{D924C15D-B674-4D90-A0ED-889ADB9B99E8}) (Version: 8.3.1412 - Tableau Software)

The Sims™ Life Stories (HKLM\...\{2284D904-C138-4B58-93EC-5C362AB5130A}) (Version: 1.00.0000 - Electronic Arts)

Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden

TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden

TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)

TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

Unity Web Player (HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Video to Video (HKLM\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version:  - Media Converters)

VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden

VIP Access (HKLM\...\{97C89A11-9AD7-49CE-9F90-54BF075623CE}) (Version: 2.1.1.34 - Symantec Corporation)

Vongo (HKLM\...\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}) (Version: 1.51.40 - Starz)

WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden

WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden

Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden

乐视视频 V7.0.5.244 (HKLM\...\乐视视频) (Version: V7.0.5.244 - 乐视网信息技术（北京）股份有限公司.)

快播 5.20.241 (HKLM\...\QvodPlayer) (Version: 5.20.241 - Shenzhen Qvod Technology Co.,Ltd)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{02E2D748-67F8-48B4-8AB4-0A085374BB99}\InprocServer32 -> C:\Program Files\QvodPlayer\Allplugin.dll (Shenzhen QVOD Technology Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\mnar\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\mnar\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{7B94F0F0-7CDD-11D3-9B96-00105AA4504D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pmasdskr.dll ()

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2331\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\mnar\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{8cbf578d-51ae-534c-a7c3-6aef0845f574}\InprocServer32 -> C:\Program Files\Letv\letvlive\npBase.dll (letv)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\mnar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{E5D0E06D-5309-11D1-A1F0-0000F875A2F0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mscps.dll ()

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\InprocServer32 -> C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)

 

==================== Restore Points =========================

 

22-08-2015 14:40:49 Windows Update

23-08-2015 22:29:07 Windows Update

09-09-2015 18:05:31 Installed NetScaler Gateway Plug-in

09-09-2015 19:07:35 Device Driver Package Install: Citrix Systems Inc. Citrix USB Devices

14-09-2015 13:15:37 Scheduled Checkpoint

14-09-2015 22:52:37 Windows Update

28-09-2015 19:22:54 Windows Update

29-09-2015 21:48:47 Scheduled Checkpoint

03-10-2015 10:22:50 Windows Update

04-10-2015 17:29:12 Scheduled Checkpoint

06-10-2015 17:17:18 Scheduled Checkpoint

07-10-2015 22:46:30 Windows Update

09-10-2015 21:01:09 Removed NetScaler Gateway Plug-in

09-10-2015 21:09:35 Removed Citrix Online Launcher

09-10-2015 21:11:00 Removed GEAR driver installer 4.019

09-10-2015 21:12:37 Removed HP Product Detection

09-10-2015 21:13:24 Removed HP Product Detection

10-10-2015 13:54:19 JRT Pre-Junkware Removal

10-10-2015 16:23:18 Checkpoint by HitmanPro

10-10-2015 16:27:01 Checkpoint by HitmanPro

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 06:23 - 2015-10-10 16:28 - 00000019 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {001EEF8D-50E1-40FF-AED9-7C9192D95C32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-09] (Google Inc.)

Task: {02F66216-CCE2-4BCF-A205-F31F57951ACB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-09] (Google Inc.)

Task: {0EABD965-47A0-40DC-8CB8-F70291FFA082} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)

Task: {14DEFE17-9DD4-4BA5-9A85-E6B0BA2DC7CA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-28] (Adobe Systems Incorporated)

Task: {2177436A-4B37-4431-A6F8-CF1E18C6BF6F} - System32\Tasks\{97475681-0A95-422A-B354-A176E71499EC} => pcalua.exe -a C:\Users\mnar\Downloads\sp41675.exe -d "C:\Program Files\Mozilla Firefox"

Task: {2420E39C-62AE-4CA7-B401-D9102434B119} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {24805DED-F138-4791-89BD-D8DB7AE42CA1} - System32\Tasks\{65C81E28-8840-4EC2-A976-701DD0C2B078} => pcalua.exe -a "C:\Program Files\AIM6\uninst.exe"

Task: {2B3409D9-4939-40FC-AD77-95E9A70F89C6} - System32\Tasks\{80D42F87-9111-4D0C-96C7-E691419A3942} => Iexplore.exe http://ui.skype.com/...#38;page=tsBing

Task: {2DDE714F-7017-414F-B8BC-CF29D2E618C1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)

Task: {301929A3-9FF2-4D63-982A-90A1FAC19FED} - System32\Tasks\G2MUploadTask-S-1-5-21-714856783-1908625882-2316339518-1000 => C:\Program Files\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-29] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {36F3FFCD-24AC-4AAF-AA2E-19487139C519} - System32\Tasks\{D1D4B339-1319-4BD4-8583-A7DF67993480} => pcalua.exe -a C:\Users\mnar\Downloads\sp56954.exe -d C:\Users\mnar\Downloads

Task: {54E4B634-87C2-44F5-8F1E-AA9294BCE64A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000Core => C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21] (Facebook Inc.)

Task: {9D794DE5-3DB2-40CA-91C5-0DB3D97CD68B} - System32\Tasks\G2MUpdateTask-S-1-5-21-714856783-1908625882-2316339518-1000 => C:\Program Files\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-29] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {B496EE04-F1DB-410D-AE0B-112ED55A6823} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000UA => C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21] (Facebook Inc.)

Task: {BE73B45D-CE64-45B4-A839-9AFF7E538662} - \MobProtect -> No File <==== ATTENTION

Task: {D3283A85-52BD-40FC-A604-16CAF15E7911} - System32\Tasks\{44CE804F-6F50-456B-BBEB-1F5585CEB9C7} => pcalua.exe -a E:\setup.exe -d E:\

Task: {FAAD79FC-ECF5-4D81-AC0C-18C1474722A9} - System32\Tasks\{F771CB33-84AE-45EC-90DB-423EBBBF0AA6} => pcalua.exe -a C:\Users\mnar\Downloads\QvodSetup5.exe -d C:\Users\mnar

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000Core.job => C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000UA.job => C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-714856783-1908625882-2316339518-1000.job => C:\Program Files\Citrix\GoToMeeting\3499\g2mupdate.exe

Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-714856783-1908625882-2316339518-1000.job => C:\Program Files\Citrix\GoToMeeting\3499\g2mupload.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2007-10-22 16:48 - 2007-01-09 06:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\intuit.com -> hxxps://ttlc.intuit.com

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HPRadiance.jpg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: HP Health Check Service => 2

MSCONFIG\Services: hpqddsvc => 2

MSCONFIG\Services: hpqwmiex => 2

MSCONFIG\Services: IntuitUpdateServiceV4 => 2

MSCONFIG\Services: McComponentHostService => 3

MSCONFIG\Services: QPCapSvc => 2

MSCONFIG\Services: QPSched => 2

MSCONFIG\Services: QWAVE => 3

MSCONFIG\Services: SOSOUpSvc => 2

MSCONFIG\Services: VIPAppService => 2

MSCONFIG\Services: Vongo Service => 3

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\Windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk => C:\Windows\pss\Vongo Tray.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^mnar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\Windows\pss\Citrix Receiver.lnk.Startup

MSCONFIG\startupfolder: C:^Users^mnar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\Windows\pss\ERUNT AutoBackup.lnk.Startup

MSCONFIG\startupfolder: C:^Users^mnar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk => C:\Windows\pss\PPS.lnk.Startup

MSCONFIG\startupfolder: C:^Users^mnar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^爱奇艺PPS影音.lnk => C:\Windows\pss\爱奇艺PPS影音.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\mnar\AppData\Local\Akamai\netsession_win.exe"

MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

MSCONFIG\startupreg: Facebook Update => "C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: HCDNClient => "C:\Program Files\IQIYI Video\Common\HCDNClient.exe" -shell_start

MSCONFIG\startupreg: HP Health Check Scheduler => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

MSCONFIG\startupreg: LetvHClient => C:\Program Files\Letv\letvlive\LetvHClient.exe

MSCONFIG\startupreg: Loader => C:\Program Files\Letv\letvlive\LeTVLoader.exe #mini

MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files\Microsoft Works\WkDetect.exe

MSCONFIG\startupreg: MoneyAgent => "C:\Program Files\Microsoft Money\System\Money Express.exe"

MSCONFIG\startupreg: MoneyStartUp => C:\Program Files\Microsoft Money\System\Money Startup.exe

MSCONFIG\startupreg: OnScreenDisplay => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

MSCONFIG\startupreg: PPS Accelerator => D:\PPS.tv\PPStream\PPSKernel.exe

MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"

MSCONFIG\startupreg: QvodTerminal => "C:\Program Files\QvodPlayer\QvodTerminal.exe" -autorun

MSCONFIG\startupreg: QyClient => "C:\Program Files\IQIYI Video\PStyle\QyClient.exe" autostart

MSCONFIG\startupreg: QyKernel => C:\Program Files\IQIYI Video\LStyle\QyKernel.exe

MSCONFIG\startupreg: Redirector => "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: WAWifiMessage => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

MSCONFIG\startupreg: WorksFUD => C:\Program Files\Microsoft Works\wkfud.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [{CE4F4E83-AF88-482F-AE25-0C747924040E}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe

FirewallRules: [{DFD324BE-F770-4D31-9549-C8FBDAC78B9E}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe

FirewallRules: [{B012CF73-0AA9-4CA7-8D29-ADB011DF9B38}] => (Allow) C:\Program Files\Cyberlink\PowerDirector\PDR.EXE

FirewallRules: [{1A8A904E-B1D2-463E-9D3F-567D9943A22D}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe

FirewallRules: [{75389B44-D2B8-47DF-807F-7E760DDA8BE2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe

FirewallRules: [{035FB961-80B5-4C83-A557-351F5F142F6F}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe

FirewallRules: [{E597B241-B3F9-48DC-A5C3-6EFE6EC6E425}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe

FirewallRules: [{DB3093D3-9E93-4B0A-BCFF-A2166E1441F4}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe

FirewallRules: [{F4AD277B-E08C-4E1E-8B77-2068DD64ED44}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe

FirewallRules: [{FAA4FC71-80FA-438F-95BD-1D088C7918C1}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe

FirewallRules: [{ED7121CA-8DB4-4371-8A2C-2463A3DC4CCA}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe

FirewallRules: [{5D9D73C6-E26E-487F-97E3-5E89F53BE5BA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

FirewallRules: [{AD775E90-5AB9-42F9-9DC5-D976E6C7768C}] => (Allow) F:\setup\HPZNUI01.EXE

FirewallRules: [{F335E70E-04C0-40B3-BDCE-4B507DA81B97}] => (Allow) F:\setup\HPZNUI01.EXE

FirewallRules: [{62592B9F-FA41-480A-A45C-131FEE40F781}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

FirewallRules: [{31DE2FEB-567B-40CD-BD43-9739DE301A2C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

FirewallRules: [{2ACBA532-38B4-49A3-BE77-4A25042363F7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

FirewallRules: [{7CDD2C6A-1E5C-4C70-8A74-9653408E8D4C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

FirewallRules: [{BD65438F-FFA0-4AD0-8FC3-836AE436B132}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe

FirewallRules: [{6558AF83-B4DC-4DBF-9A7D-CDCF7DA1A632}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe

FirewallRules: [{69959864-1DF6-4FF9-80C8-F97D88621E44}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe

FirewallRules: [{C7D7D33A-CE62-470E-9DA9-89FC469B8EFA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe

FirewallRules: [{D66B360D-9AB9-4232-A5A5-819A1643520C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{E091CBF2-7F0A-49E8-B50E-EF4A061AD712}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{9206A70E-9DA2-4E61-8ABC-DF38633DD80C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{44EDAB08-3DF7-490B-ABCD-9D0661154F54}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{DED79C9E-0ABE-40B2-AD86-E7DE1BD32A3F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe

FirewallRules: [{3B81A64B-51D2-49A1-91BB-832C1B6A0703}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe

FirewallRules: [{ECC14089-C02C-4F61-9536-35286DEE9422}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe

FirewallRules: [{AA470424-6DF9-4323-9A64-661143E57D50}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe

FirewallRules: [{312A5FAD-2851-4FC1-908B-25EF685CB7FA}] => (Allow) D:\PPS.tv\PPStream\PPSAP.exe

FirewallRules: [{24ADEFB0-7DA6-4332-8C37-A8B3F99CC3EE}] => (Allow) LPort=80

FirewallRules: [{888AB8F1-EB43-4305-878C-EB1D65490F06}] => (Allow) LPort=80

FirewallRules: [{39519CD2-3ACD-4D40-9600-D4C5EB9EB5F0}] => (Allow) LPort=80

FirewallRules: [TCP Query User{7946AEB8-2B99-4045-A620-E4F5CFA6A1FB}C:\program files\qvodplayer\qvodterminal.exe] => (Allow) C:\program files\qvodplayer\qvodterminal.exe

FirewallRules: [UDP Query User{48E3846D-D1B1-45A4-8CF8-D47BEADB1F6C}C:\program files\qvodplayer\qvodterminal.exe] => (Allow) C:\program files\qvodplayer\qvodterminal.exe

FirewallRules: [TCP Query User{AC8504B6-4368-4DD7-A0FA-9B43F31CE8C4}C:\program files\java\jre6\bin\java.exe] => (Block) C:\program files\java\jre6\bin\java.exe

FirewallRules: [UDP Query User{2166A62A-A4C6-4883-98CA-3027C56B286D}C:\program files\java\jre6\bin\java.exe] => (Block) C:\program files\java\jre6\bin\java.exe

FirewallRules: [{53A4077D-0F13-4C32-A877-0E4A6BEDAA4D}] => (Allow) E:\setup\HPZnui01.exe

FirewallRules: [{379C1034-43AA-419E-8630-1437E8197350}] => (Allow) E:\setup\HPZnui01.exe

FirewallRules: [{5ABAF1AA-9A03-44F9-9CD1-5080A74C2BB6}] => (Allow) C:\Users\mnar\AppData\Roaming\PPStream\update\ppstreamsetup-update120814.exe

FirewallRules: [{071C473D-8D03-413D-8B56-244064A82370}] => (Allow) C:\Users\mnar\AppData\Roaming\PPStream\update\ppstreamsetup-update120814.exe

FirewallRules: [{1128CAE0-6253-4E8E-8595-EB9713341591}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe

FirewallRules: [{B14B4A41-27B0-4BE0-A693-2FF9DFE514AB}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe

FirewallRules: [{0A2C34DD-14CD-4124-86BE-2AE41BD66CC4}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{7F2EECD1-2A5B-4C55-A468-D322829665FF}] => (Allow) LPort=2869

FirewallRules: [{746C9889-DA26-4B7B-A70F-D6162598068F}] => (Allow) LPort=1900

FirewallRules: [{2D1B4AFB-F4B6-4C8B-B10C-27BE1EDC0EAA}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{3298B12F-9F36-4D8C-B11C-D99338F0C547}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe

FirewallRules: [TCP Query User{D7041ACB-1A7C-4D1D-A814-1FED563DED9E}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe

FirewallRules: [UDP Query User{DFF26335-174A-4698-85DB-2850C38ADF16}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe

FirewallRules: [TCP Query User{C8E53F08-8D7B-4563-9B7F-2F88B6A8431B}C:\users\mnar\downloads\qvodsetupplus.exe] => (Allow) C:\users\mnar\downloads\qvodsetupplus.exe

FirewallRules: [UDP Query User{3E9A77CB-A754-4765-89F2-B2664649EA52}C:\users\mnar\downloads\qvodsetupplus.exe] => (Allow) C:\users\mnar\downloads\qvodsetupplus.exe

FirewallRules: [{54ED8FD0-758A-4782-B62B-60E199388E74}] => (Allow) C:\Program Files\360\360Safe\safemon\360Tray.exe

FirewallRules: [{4AD42B47-BC9E-4CF2-9B5D-5342D1A70DD5}] => (Allow) C:\Program Files\360\360Safe\safemon\360Tray.exe

FirewallRules: [{50A0B792-B30F-4657-B362-AE76937EB872}] => (Allow) C:\Program Files\QvodPlayer\QvodTerminal.exe

FirewallRules: [{3E04AF3E-7B98-4EDF-A9D1-A03B6AF7DF84}] => (Allow) C:\Program Files\QvodPlayer\QvodTerminal.exe

FirewallRules: [TCP Query User{A674D6A0-D883-4E43-8935-3E7D634EC5C5}C:\program files\qvodplayer\qvodplayer.exe] => (Allow) C:\program files\qvodplayer\qvodplayer.exe

FirewallRules: [UDP Query User{1C0A44E8-A902-44C7-8311-90FC1E939C12}C:\program files\qvodplayer\qvodplayer.exe] => (Allow) C:\program files\qvodplayer\qvodplayer.exe

FirewallRules: [TCP Query User{371E8853-3638-47FA-AD32-3FE6576124D7}C:\program files\360\360sd\360sdupd.exe] => (Allow) C:\program files\360\360sd\360sdupd.exe

FirewallRules: [UDP Query User{7F7336B8-301F-44B3-8264-FC34DA802C4E}C:\program files\360\360sd\360sdupd.exe] => (Allow) C:\program files\360\360sd\360sdupd.exe

FirewallRules: [TCP Query User{E1897A03-C9B5-41F7-818D-108319051AC7}C:\program files\qvodplayer\qvodplayer.exe] => (Block) C:\program files\qvodplayer\qvodplayer.exe

FirewallRules: [UDP Query User{AA36F7D4-1F77-4A8C-AC14-8501EF7D2E24}C:\program files\qvodplayer\qvodplayer.exe] => (Block) C:\program files\qvodplayer\qvodplayer.exe

FirewallRules: [TCP Query User{25D03B1D-2E1F-4888-8B21-9DD72B46D355}C:\users\mnar\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mnar\appdata\local\akamai\netsession_win.exe

FirewallRules: [UDP Query User{5408EA4D-19AF-4887-9457-A9E50DA6C14B}C:\users\mnar\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mnar\appdata\local\akamai\netsession_win.exe

FirewallRules: [{2D50AB16-3DBC-40E5-91C4-E3675E1B11CE}] => (Allow) C:\Users\mnar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9638TR4\QvodSetup5.exe

FirewallRules: [{65EC4CC7-D691-42E5-B763-8C4340A01797}] => (Allow) C:\Users\mnar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9638TR4\QvodSetup5.exe

FirewallRules: [{26F0A66B-4C8F-490D-B8CE-B652A13130B3}] => (Allow) C:\Users\mnar\Documents\Downloads\QvodSetup5 (1).exe

FirewallRules: [{7F478DB6-FE42-44C2-9C24-C47A5E5E3C57}] => (Allow) C:\Users\mnar\Documents\Downloads\QvodSetup5 (1).exe

FirewallRules: [TCP Query User{948B2257-14E9-4A5A-904C-00FC06F4724D}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe

FirewallRules: [UDP Query User{247A7625-E22E-4C34-B267-60454039776B}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe

FirewallRules: [TCP Query User{FA086008-9829-4218-BBDE-855203BD86AD}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe

FirewallRules: [UDP Query User{7D118AD8-D8E9-4798-B15F-140411EF81F1}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe

FirewallRules: [{0C273291-8382-46F7-81F5-29FA00D8AB72}] => (Allow) C:\Users\mnar\AppData\Roaming\PPStream\ppsupdate.exe

FirewallRules: [{A7EC20CD-5015-4850-9F63-88FF1A1DADA2}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe

FirewallRules: [{F6197D80-33ED-4ED1-B27C-74CF13F5E0D9}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe

FirewallRules: [{A1B602E6-E514-4153-9C8D-5510563CF3E8}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe

FirewallRules: [{FE68E7B5-9E50-4C2B-937A-0AFC94045294}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe

FirewallRules: [TCP Query User{4186199C-7A83-472F-B4F8-581B40F95F01}D:\pps.tv\ppstream\ppskernel.exe] => (Allow) D:\pps.tv\ppstream\ppskernel.exe

FirewallRules: [UDP Query User{57AFBDE3-2C80-4285-8AF1-0F8709497827}D:\pps.tv\ppstream\ppskernel.exe] => (Allow) D:\pps.tv\ppstream\ppskernel.exe

FirewallRules: [{526A5562-E46D-4449-9B08-762CF4BE7537}] => (Allow) C:\Users\mnar\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

FirewallRules: [TCP Query User{32466EF7-D8AB-4CC4-A897-9329D6872E8F}C:\users\public\qiyi\qiyikernel\app\qykernel.exe] => (Block) C:\users\public\qiyi\qiyikernel\app\qykernel.exe

FirewallRules: [UDP Query User{5C8BE1CA-2451-4815-9860-4536358B3E25}C:\users\public\qiyi\qiyikernel\app\qykernel.exe] => (Block) C:\users\public\qiyi\qiyikernel\app\qykernel.exe

FirewallRules: [{BB81669F-DDA9-407A-8ED4-13313E1129C8}] => (Allow) C:\Users\mnar\AppData\Roaming\PPStream\QyUpdate.exe

FirewallRules: [{611E09CA-0B40-4239-B34A-7964FF297211}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyClient.exe

FirewallRules: [{410C8F25-A1B8-4C4D-BBFE-0E7F6D7B1005}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyKernel.exe

FirewallRules: [{08E78223-BF12-4CE0-BDE8-B65ED51E0307}] => (Allow) C:\Program Files\IQIYI Video\LStyle\MobProtect.exe

FirewallRules: [{727D0842-0F56-4E40-A7A4-EE65995899F9}] => (Allow) E:\setup\HPZNUI01.EXE

FirewallRules: [{49C200A8-1017-440B-BB58-3D50C33FE308}] => (Allow) E:\setup\HPZNUI01.EXE

FirewallRules: [{B3FEF527-9C84-4BCB-AE44-E5975DA9D0C6}] => (Allow) C:\Users\mnar\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe

FirewallRules: [{D5ECB690-A9F6-4163-AA92-4316A8BFD790}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyClient.exe

FirewallRules: [{EEE05A57-0D89-46EA-A322-805E58D8824C}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyWebPlayer.exe

FirewallRules: [{8C78046A-5BC1-4580-9265-F3E0B13A0412}] => (Allow) C:\Program Files\IQIYI Video\Common\HCDNClient.exe

FirewallRules: [{2BC67990-3876-4FA6-A1CE-0DCBB3A14271}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyPlayer.exe

FirewallRules: [TCP Query User{CC774BBF-3A13-42BC-99FC-C8BEABEB687A}C:\program files\iqiyi video\common\qykernel.exe] => (Allow) C:\program files\iqiyi video\common\qykernel.exe

FirewallRules: [UDP Query User{9EA85D08-E183-4832-916C-006FE1691663}C:\program files\iqiyi video\common\qykernel.exe] => (Allow) C:\program files\iqiyi video\common\qykernel.exe

FirewallRules: [TCP Query User{FFAD44C7-6663-4BE5-8FA4-9290329EAF71}C:\program files\iqiyi video\common\qykernel.exe] => (Allow) C:\program files\iqiyi video\common\qykernel.exe

FirewallRules: [UDP Query User{59B59E82-E10F-4ECB-8872-C123384B5476}C:\program files\iqiyi video\common\qykernel.exe] => (Allow) C:\program files\iqiyi video\common\qykernel.exe

FirewallRules: [{D7A9A108-F225-4527-AFD3-58B6FDD21446}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdater.exe

FirewallRules: [{1BC4D9C8-4E9C-4CF6-B722-E29949F19053}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{52136180-E2B3-4B51-A098-CB66F2F90DB7}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{1206F716-DC25-4391-9BE1-F6663423F7B3}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{389FDE37-7EF9-43C0-B25A-5C32F85CC878}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{106E80C1-BFA1-4DDD-ADDC-5BA429ED1ACF}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [TCP Query User{263B5C9A-B37C-402F-8687-82DFA4AE4719}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe

FirewallRules: [UDP Query User{AB07D61F-B27C-4C2F-AAC8-0083EC1A5F8A}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe

FirewallRules: [TCP Query User{2B283FE2-9410-412E-B4D1-B13C6EB442F4}C:\users\public\qiyi\qiyikernel\app\qykernel.exe] => (Block) C:\users\public\qiyi\qiyikernel\app\qykernel.exe

FirewallRules: [UDP Query User{80B5B497-C570-454B-9B86-B900554616E4}C:\users\public\qiyi\qiyikernel\app\qykernel.exe] => (Block) C:\users\public\qiyi\qiyikernel\app\qykernel.exe

FirewallRules: [{F6ECD8FF-8119-4230-A45E-A943D8E66A86}] => (Allow) C:\Users\mnar\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe

FirewallRules: [{E3DB5F34-9ECE-471F-989C-95AD3A5A55A4}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyClient.exe

FirewallRules: [{59FF2247-CAAE-49A9-ADEA-C9998A364E1C}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyWebPlayer.exe

FirewallRules: [{B92E9016-519A-4955-BB32-A5E9D2BEF909}] => (Allow) C:\Program Files\IQIYI Video\LStyle\GeePlayer.exe

FirewallRules: [{1034DC4D-0A65-4155-ABF2-C519D0BBBCC3}] => (Allow) C:\Program Files\IQIYI Video\Common\HCDNClient.exe

FirewallRules: [{BB45127A-0D3F-41CA-BB00-AF1499A4A532}] => (Allow) C:\Program Files\IQIYI Video\LStyle\MobProtect.exe

FirewallRules: [{42E6AB78-BB21-4A25-A358-969A98773F10}] => (Allow) C:\Program Files\IQIYI Video\Common\QyKernel.exe

FirewallRules: [{457BE3BC-45C2-43BF-92C4-A63926B6F400}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyPlayer.exe

FirewallRules: [{74CCFA93-3F0C-4B6D-9E19-C395A3CCD39B}] => (Allow) C:\Program Files\IQIYI Video\PStyle\QyPlayer.exe

FirewallRules: [{CE6D6B2E-D1C3-4798-9F72-2352B9329000}] => (Allow) C:\Program Files\IQIYI Video\PStyle\QyClient.exe

FirewallRules: [{C27B94DD-A17F-48D7-BE12-36FF68129551}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyWebPlayer.exe

FirewallRules: [{152BE9D1-D8D9-44E4-8394-6A84E0AB4E00}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyClient.exe

FirewallRules: [{F27F0C90-1515-4ADE-B6B8-98A36941C0E0}] => (Allow) C:\Program Files\IQIYI Video\LStyle\GeePlayer.exe

FirewallRules: [{64BF3B03-6F9A-447B-8C1F-DBF87E34871A}] => (Allow) C:\Users\mnar\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe

FirewallRules: [{2EB5C99F-9BDC-431F-9BF9-DB41544E76CE}] => (Allow) C:\Program Files\IQIYI Video\Common\HCDNClient.exe

FirewallRules: [{F7DB6C4F-F5B6-4978-B54B-C38904135897}] => (Allow) C:\Program Files\IQIYI Video\LStyle\MobProtect.exe

FirewallRules: [{F5DD51A1-7B29-4C76-8B4F-D43852E15DC1}] => (Allow) C:\Program Files\IQIYI Video\Common\QyKernel.exe

FirewallRules: [{8E91BF08-5CD1-4FED-8E56-117CC12A60E1}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyPlayer.exe

FirewallRules: [{3D8D5D90-1761-4B01-97E6-42E9EBDFAB35}] => (Allow) C:\Users\mnar\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe

FirewallRules: [{85FA19B2-C12C-415F-8CC1-F6D9CDB8710E}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyClient.exe

FirewallRules: [{371C07EB-A489-4834-B368-3747DF5C81A4}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyWebPlayer.exe

FirewallRules: [{7190CB84-0B09-45E6-A8CC-A855D16224C4}] => (Allow) C:\Program Files\IQIYI Video\LStyle\GeePlayer.exe

FirewallRules: [{4005F575-3486-4888-ACC0-63877D357FE3}] => (Allow) C:\Program Files\IQIYI Video\Common\HCDNClient.exe

FirewallRules: [{E2F15313-1C20-41E4-AB03-E9B0A73276F5}] => (Allow) C:\Program Files\IQIYI Video\Common\QyKernel.exe

FirewallRules: [{AACD0F98-4789-4D0D-89AE-D67A4E9C0E24}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyPlayer.exe

FirewallRules: [{04A56BCA-84B9-4932-9E60-FB88BE12FF53}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyClient.exe

FirewallRules: [{1C1F14ED-1A3D-41B6-AB19-70D07556B4A4}] => (Allow) C:\Users\mnar\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe

FirewallRules: [{B0844B10-AB67-4739-B389-AAED9DEE033C}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyWebPlayer.exe

FirewallRules: [{E4E3BD48-912C-4CFB-BF21-E50CAC090232}] => (Allow) C:\Program Files\IQIYI Video\LStyle\GeePlayer.exe

FirewallRules: [{829FE858-2902-4500-81D5-15EF0FB57B93}] => (Allow) C:\Program Files\IQIYI Video\Common\HCDNClient.exe

FirewallRules: [{35C20745-F4B3-489E-B96F-25EF602DA338}] => (Allow) C:\Program Files\IQIYI Video\Common\QyKernel.exe

FirewallRules: [{70F29945-E7A1-479C-B5B9-8BBBA40E5D54}] => (Allow) C:\Program Files\IQIYI Video\LStyle\QyPlayer.exe

FirewallRules: [TCP Query User{DE5A679A-85DB-4CBD-B2F1-C70ED9F176AA}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe

FirewallRules: [UDP Query User{56D89D6C-41F6-43A7-92A3-9823D6167585}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe

FirewallRules: [{221A3E23-8D7D-42A3-ABBC-04F3EF2155BE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

DomainProfile\AuthorizedApplications: [] => 

DomainProfile\AuthorizedApplications: [C:\Program Files\Vongo\VongoService.exe] => enabled:VongoService

StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink

 

==================== Faulty Device Manager Devices =============

 

Name: Officejet J4680 series

Description: Officejet J4680 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP Color LaserJet 3600

Description: HP Color LaserJet 3600

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet J4680 series

Description: Officejet J4680 series

Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/10/2015 04:28:56 PM) (Source: VSS) (EventID: 12289) (User: )

Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x000002a4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0249F45C.64).  hr = 0x80070005.

 

Error: (10/10/2015 04:28:55 PM) (Source: VSS) (EventID: 12289) (User: )

Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x00000bf0,(null),0,REG_BINARY,07E1EF40.64).  hr = 0x80070005.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}

   Writer Name: MSSearch Service Writer

   Writer Instance ID: {795879d2-8445-44bc-92f9-2fb708b6e94f}

 

Error: (10/10/2015 04:28:55 PM) (Source: VSS) (EventID: 12289) (User: )

Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x00000bf0,(null),0,REG_BINARY,07E1EF2C.64).  hr = 0x80070005.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}

   Writer Name: MSSearch Service Writer

   Writer Instance ID: {795879d2-8445-44bc-92f9-2fb708b6e94f}

 

Error: (10/10/2015 04:28:55 PM) (Source: VSS) (EventID: 12289) (User: )

Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x000008b0,(null),0,REG_BINARY,0341F208.64).  hr = 0x80070005.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Writer Name: WMI Writer

   Writer Instance ID: {01dc3d9d-7f78-4c48-a945-f4f022513753}

 

Error: (10/10/2015 04:28:55 PM) (Source: VSS) (EventID: 12289) (User: )

Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x0000025c,(null),0,REG_BINARY,0469EE18.64).  hr = 0x80070005.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {4a1feccc-70e1-49d5-9fa7-445f2c3c59cf}

 

Error: (10/10/2015 04:28:55 PM) (Source: VSS) (EventID: 12289) (User: )

Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x00000204,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0393F738.64).  hr = 0x80070005.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

   Writer Name: Shadow Copy Optimization Writer

   Writer Instance ID: {881fb36c-26a3-4e92-bbe3-fc9abd90251f}

 

Error: (10/10/2015 04:28:55 PM) (Source: VSS) (EventID: 12289) (User: )

Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x000008b0,(null),0,REG_BINARY,0341F1F4.64).  hr = 0x80070005.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Writer Name: WMI Writer

   Writer Instance ID: {01dc3d9d-7f78-4c48-a945-f4f022513753}

 

Error: (10/10/2015 04:28:55 PM) (Source: VSS) (EventID: 12289) (User: )

Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x0000025c,(null),0,REG_BINARY,0469EE04.64).  hr = 0x80070005.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {4a1feccc-70e1-49d5-9fa7-445f2c3c59cf}

 

Error: (10/10/2015 04:28:55 PM) (Source: VSS) (EventID: 12289) (User: )

Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x00000208,SYSTEM\CurrentControlSet\Services\VSS\Diag\ASR Writer,0,REG_BINARY,01D1F388.64).  hr = 0x80070005.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}

   Writer Name: ASR Writer

   Writer Instance ID: {26d7c549-6e4b-4c91-9a71-a05dc6e83108}

 

Error: (10/10/2015 04:28:55 PM) (Source: VSS) (EventID: 12289) (User: )

Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x000001ec,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,036FF7F8.64).  hr = 0x80070005.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}

   Writer Name: COM+ REGDB Writer

   Writer Instance ID: {2d4bc014-2a43-49ce-a130-adc9418edbf9}

 

 

System errors:

=============

Error: (10/10/2015 04:55:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Intuit Update Service v4%%1053

 

Error: (10/10/2015 04:55:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Intuit Update Service v4

 

Error: (10/10/2015 04:53:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

 

Error: (10/10/2015 04:53:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Windows Media Player Network Sharing Service%%1053

 

Error: (10/10/2015 04:53:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Windows Media Player Network Sharing Service

 

Error: (10/10/2015 04:52:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Parallel port driver%%1058

 

Error: (10/10/2015 04:51:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (10/10/2015 04:48:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: C:\Windows\System32\bcmihvsrv.dll

 

Error: (10/10/2015 04:48:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: C:\Windows\System32\bcmihvsrv.dll

 

Error: (10/10/2015 04:47:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: C:\Windows\System32\bcmihvsrv.dll

 

 

CodeIntegrity:

===================================

  Date: 2015-10-10 17:09:50.806

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-10 17:09:49.465

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-10 17:09:48.071

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-10 17:09:46.750

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-10 17:09:44.833

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-10 17:09:43.522

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-10 17:09:42.219

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-10 17:09:40.843

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-10 17:08:21.266

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-10 17:08:19.825

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: AMD Turion™ 64 X2 Mobile Technology TL-60

Percentage of memory in use: 62%

Total physical RAM: 1982.18 MB

Available physical RAM: 750 MB

Total Virtual: 4208.88 MB

Available Virtual: 2786.42 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:220.95 GB) (Free:114.16 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (HP_RECOVERY) (Fixed) (Total:11.93 GB) (Free:0.61 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (DWA-642) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: BE132B4A)

Partition 1: (Active) - (Size=220.9 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

[pystryker]

Hi,
I accidentally unplug the power source and had to restart the laptop. When I open the browser it open with blank page (not open with hao.360.cn anymore).

Hello

Ok, no worries, thank you for letting me know.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST

Note: Before running this step, please move FRST.exe from C:\Users\mnar\Documents\Downloads to your Desktop or the fix will not work. All tools must be run from the Desktop.

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the desktop as fixlist.txt
  
  NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\MountPoints2: {34175e12-7006-11e3-a4ac-001e680966cd} - F:\menu.exe
HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\MountPoints2: {986ebdb4-994c-11db-a541-806e6f6e6963} - E:\DWA642.exe
HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\MountPoints2: {e11b0f65-4f2a-11e1-a1c0-806e6f6e6963} - E:\setup.exe
ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} => No File
FF Plugin: @pps.tv/npWebPlayer -> C:\Program Files\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @pps.tv/npWebPlayer -> C:\Program Files\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: KuaiWanInsert -> C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
S4 SOSOUpSvc; no ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U4 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U0 Sr; no ImagePath
U2 SrService; no ImagePath
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
Task: {BE73B45D-CE64-45B4-A839-9AFF7E538662} - \MobProtect -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop

• Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
• Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
• Please Check the following options:
  
  • Reset Proxy Settings
  • Reset Winsock Settings
  • Reset TCP/IP Settings
  • Reset Firewall Settings
  • Reset IPSec Settings
  • Reset BITS Queue
  • Reset Internet Explorer Policies
  • Reset Chrome Policies
• Close any open windows or browsers.
• Pause your Anti-Virus program if it is running.
• Once it starts, click on the Scan button.
• Let the scan complete itself. This may take a few minutes.
• Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
• When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
  This report is also saved at C:\

Step 4: Fresh FRST Scan

• Start Farbar's Recovery Scan Tool and press the Scan button.
• FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

[amy0299]

Hi,

below are the scan results: Thanks!

FixLog:

Fix result of Farbar Recovery Scan Tool (x86) Version:11-10-2015 02

Ran by mnar (2015-10-11 19:01:23) Run:1

Running from C:\Users\mnar\Desktop

Loaded Profiles: mnar (Available Profiles: mnar)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

Start

CreateRestorePoint:

CloseProcesses:

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\MountPoints2: {34175e12-7006-11e3-a4ac-001e680966cd} - F:\menu.exe

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\MountPoints2: {986ebdb4-994c-11db-a541-806e6f6e6963} - E:\DWA642.exe

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\MountPoints2: {e11b0f65-4f2a-11e1-a1c0-806e6f6e6963} - E:\setup.exe

ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} => No File

FF Plugin: @pps.tv/npWebPlayer -> C:\Program Files\IQIYI Video\LStyle\npWebPlayer.dll [No File]

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @pps.tv/npWebPlayer -> C:\Program Files\IQIYI Video\LStyle\npWebPlayer.dll No File

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: KuaiWanInsert -> C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File

S4 SOSOUpSvc; no ImagePath

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

U4 eabfiltr; no ImagePath

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

U0 Sr; no ImagePath

U2 SrService; no ImagePath

S3 SymIM; system32\DRIVERS\SymIM.sys [X]

S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

Task: {BE73B45D-CE64-45B4-A839-9AFF7E538662} - \MobProtect -> No File <==== ATTENTION

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state on

CMD: ipconfig /flushdns

Emptytemp:

Hosts:

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

"HKU\S-1-5-21-714856783-1908625882-2316339518-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34175e12-7006-11e3-a4ac-001e680966cd}" => key removed successfully.

HKCR\CLSID\{34175e12-7006-11e3-a4ac-001e680966cd} => key not found. 

"HKU\S-1-5-21-714856783-1908625882-2316339518-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{986ebdb4-994c-11db-a541-806e6f6e6963}" => key removed successfully.

HKCR\CLSID\{986ebdb4-994c-11db-a541-806e6f6e6963} => key not found. 

"HKU\S-1-5-21-714856783-1908625882-2316339518-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e11b0f65-4f2a-11e1-a1c0-806e6f6e6963}" => key removed successfully.

HKCR\CLSID\{e11b0f65-4f2a-11e1-a1c0-806e6f6e6963} => key not found. 

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DownloadIcon" => key removed successfully.

HKCR\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297} => key not found. 

"HKLM\Software\MozillaPlugins\@pps.tv/npWebPlayer" => key removed successfully.

"HKU\S-1-5-21-714856783-1908625882-2316339518-1000\Software\MozillaPlugins\@pps.tv/npWebPlayer" => key removed successfully.

C:\Program Files\IQIYI Video\LStyle\npWebPlayer.dll => not found.

"HKU\S-1-5-21-714856783-1908625882-2316339518-1000\Software\MozillaPlugins\KuaiWanInsert" => key removed successfully.

C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll => not found.

SOSOUpSvc => service removed successfully.

blbdrive => service removed successfully.

eabfiltr => service removed successfully.

IpInIp => service removed successfully.

NwlnkFlt => service removed successfully.

NwlnkFwd => service removed successfully.

Sr => service removed successfully.

SrService => service removed successfully.

SymIM => service removed successfully.

SymIMMP => service removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE73B45D-CE64-45B4-A839-9AFF7E538662}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE73B45D-CE64-45B4-A839-9AFF7E538662}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MobProtect" => key removed successfully.

 

=========  bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.0.6001 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

{48E6D6F7-BDBD-4808-8409-CE4203ED2D3B} canceled.

1 out of 1 jobs canceled.

 

========= End of CMD: =========

 

 

=========  netsh advfirewall reset =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  netsh advfirewall set allprofiles state on =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

EmptyTemp: => 629.9 MB temporary data Removed.

 

 

The system needed a reboot.

 

==== End of Fixlog 19:04:21 ====

[amy0299]

JRT scan result:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.6.4 (09.28.2015:1)

OS: Windows Vista ™ Home Premium x86

Ran by mnar on 10/11/2015 Sun at 19:15:38.84

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Chrome

 

 

[C:\Users\mnar\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\mnar\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

 

[C:\Users\mnar\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\mnar\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 10/11/2015 Sun at 19:25:54.43

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[amy0299]

ADWcleaner log file:

# AdwCleaner v5.013 - Logfile created 11/10/2015 at 22:11:36

# Updated 09/10/2015 by Xplode

# Database : 2015-10-09.3 [Server]

# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)

# Username : mnar - MNAR-PC

# Running from : C:\Users\mnar\Desktop\adwcleaner_5.013.exe

# Option : Cleaning

# Support : http://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

 

***** [ Files ] *****

 

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml

 

***** [ DLLs ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

 

*************************

 

:: Proxy settings cleared

:: Winsock settings cleared

:: TCP/IP settings cleared

:: Firewall settings cleared

:: IPSec settings cleared

:: BITS queue cleared

:: Chrome policies deleted

 

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [907 bytes] ##########

[amy0299]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-10-2015 02

Ran by mnar (administrator) on MNAR-PC (11-10-2015 22:26:36)

Running from C:\Users\mnar\Desktop

Loaded Profiles: mnar (Available Profiles: mnar)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)

Internet Explorer Version 9 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\2331\g2mstart.exe

(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\2331\g2mcomm.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\2331\g2mlauncher.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2007-08-17] (CyberLink Corp.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\Run: [GoToMeeting] => C:\Program Files\Citrix\GoToMeeting\2331\g2mstart.exe [44400 2015-03-11] (Citrix Online, a division of Citrix Systems, Inc.)

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PPS影~1.SCR [435576 2009-04-14] (www.pps.tv)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{C0B87525-2220-45AE-9631-A94D26E4BEAF}: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

SearchScopes: HKLM -> DefaultScope {609366DF-90DA-43A4-A871-3846A98F1E45} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKLM -> {609366DF-90DA-43A4-A871-3846A98F1E45} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKU\S-1-5-21-714856783-1908625882-2316339518-1000 -> DefaultScope {44CBFA09-C5B9-4DA1-9519-C6CFA51B3D4B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-714856783-1908625882-2316339518-1000 -> {44CBFA09-C5B9-4DA1-9519-C6CFA51B3D4B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-714856783-1908625882-2316339518-1000 -> {609366DF-90DA-43A4-A871-3846A98F1E45} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-28] (Google Inc.)

BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-11-23] (Symantec Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)

BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-28] (Google Inc.)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

 

FireFox:

========

FF ProfilePath: C:\Users\mnar\AppData\Roaming\Mozilla\Firefox\Profiles\7qxxgz60.default-1444509213169

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-28] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-02-21] (Adobe Systems, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)

FF Plugin: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll [2014-07-18] (Shenzhen QVOD Technology Co.,Ltd)

FF Plugin: @qvod.com/QvodShare -> C:\Program Files\QvodPlayer\npShareModule.dll [2014-06-24] (Shenzhen QVOD Technology Co.,Ltd)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @citrixonline.com/appdetectorplugin -> C:\Users\mnar\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-11] (Citrix Online)

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll [2014-07-18] (Shenzhen QVOD Technology Co.,Ltd)

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\mnar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mnar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-714856783-1908625882-2316339518-1000: none.com/Base -> C:\Program Files\Letv\letvlive\npBase.dll [2014-02-26] (letv)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-04]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Symantec\VIP Access Client

FF Extension: Symantec VIP Access Add-On - C:\Program Files\Symantec\VIP Access Client [2014-03-23]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File

CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll => No File

CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll => No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Profile: C:\Users\mnar\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (AdBlock) - C:\Users\mnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-01]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]

CHR Extension: (Chrome Web Store Payments) - C:\Users\mnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Unblock Youku) - C:\Users\mnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2013-11-01]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1087792 2015-02-18] (Flexera Software LLC)

S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]

S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]

S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

S4 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-09-30] ()

S4 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-09-30] ()

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

S4 VIPAppService; C:\Program Files\Symantec\VIP Access Client\VIPAppService.exe [81552 2012-11-23] (Symantec Corporation)

S4 Vongo Service; C:\Program Files\Vongo\VongoService.exe [176128 2007-08-31] (Starz Entertainment Group LLC) [File not signed]

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [52280 2014-10-29] (Citrix Systems, Inc.)

S3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [41536 2015-05-14] (Citrix Systems, Inc.)

S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-11 19:25 - 2015-10-11 19:25 - 00001075 _____ C:\Users\mnar\Desktop\JRT.txt

2015-10-11 19:00 - 2015-10-11 22:26 - 00000000 ____D C:\FRST

2015-10-11 18:56 - 2015-10-11 18:57 - 02195968 _____ (Farbar) C:\Users\mnar\Desktop\FRST64.exe

2015-10-11 18:45 - 2015-10-11 18:45 - 00000000 ____D C:\Users\mnar\Desktop\FRST-OlderVersion

2015-10-10 17:10 - 2015-10-10 17:14 - 00062397 _____ C:\Users\mnar\Desktop\Addition.txt

2015-10-10 17:07 - 2015-10-11 22:26 - 00015689 _____ C:\Users\mnar\Desktop\FRST.txt

2015-10-10 17:05 - 2015-10-11 18:45 - 00000000 ____D C:\Users\mnar\Desktop\FRST

2015-10-10 17:04 - 2015-10-11 18:45 - 01699840 _____ (Farbar) C:\Users\mnar\Desktop\FRST.exe

2015-10-10 15:53 - 2015-10-10 16:28 - 00000000 ____D C:\ProgramData\HitmanPro

2015-10-10 15:43 - 2015-10-10 16:33 - 00000000 ____D C:\Users\mnar\Desktop\Old Firefox Data

2015-10-10 13:53 - 2015-10-10 13:53 - 01801288 _____ (Malwarebytes) C:\Users\mnar\Desktop\JRT.exe

2015-10-10 13:39 - 2015-10-11 19:07 - 00855450 _____ C:\Windows\PFRO.log

2015-10-09 23:57 - 2015-10-10 16:53 - 00000000 ____D C:\Program Files\Mozilla Firefox

2015-10-09 23:08 - 2015-10-11 22:11 - 00000000 ____D C:\AdwCleaner

2015-10-09 23:07 - 2015-10-09 23:08 - 01682432 _____ C:\Users\mnar\Desktop\adwcleaner_5.013.exe

2015-10-09 22:49 - 2015-10-09 22:49 - 00000000 ____D C:\ProgramData\AOL

2015-10-09 21:19 - 2015-10-11 15:17 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-10-09 21:19 - 2015-10-09 21:19 - 00000899 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-10-09 21:19 - 2015-10-09 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-10-09 21:18 - 2015-10-09 21:19 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2015-10-09 21:18 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-10-09 21:18 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-09-29 22:06 - 2015-10-11 22:18 - 00000608 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-714856783-1908625882-2316339518-1000.job

2015-09-15 01:03 - 2015-08-13 10:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2015-09-15 01:03 - 2015-08-13 10:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2015-09-15 00:58 - 2015-07-21 16:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-09-15 00:58 - 2015-07-21 12:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-09-15 00:58 - 2015-07-21 12:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-09-15 00:58 - 2015-07-21 12:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys

2015-09-15 00:58 - 2015-07-21 12:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-09-15 00:58 - 2015-07-21 12:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll

2015-09-15 00:58 - 2015-07-21 12:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-09-15 00:58 - 2015-07-21 12:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-09-15 00:57 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2015-09-15 00:49 - 2015-07-31 15:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-09-15 00:46 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2015-09-15 00:46 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe

2015-09-15 00:45 - 2015-06-12 12:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-09-15 00:39 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2015-09-15 00:38 - 2015-07-10 15:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2015-09-15 00:26 - 2015-03-04 22:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-09-15 00:26 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-09-15 00:21 - 2015-07-11 11:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-09-15 00:17 - 2015-07-18 12:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll

2015-09-15 00:13 - 2015-07-10 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-15 00:10 - 2015-09-02 17:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-15 00:10 - 2015-09-02 15:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-15 00:10 - 2015-09-02 15:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-14 23:58 - 2015-08-05 11:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-14 23:48 - 2015-07-10 15:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-09-14 23:48 - 2015-07-10 15:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-09-14 23:44 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll

2015-09-14 23:13 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

2015-09-14 23:12 - 2015-07-31 17:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2015-09-14 23:12 - 2015-07-31 17:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2015-09-14 23:12 - 2015-07-31 17:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2015-09-14 23:12 - 2015-07-31 17:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2015-09-14 23:12 - 2015-07-31 16:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2015-09-14 23:12 - 2015-07-31 16:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2015-09-14 23:12 - 2015-07-31 16:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2015-09-14 23:12 - 2015-07-31 16:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-09-14 23:12 - 2015-07-31 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-09-14 23:06 - 2015-06-27 12:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-09-14 23:06 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-09-14 23:06 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-09-14 23:06 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-09-14 23:06 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-09-14 23:06 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-09-14 23:06 - 2015-06-12 09:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-09-14 23:06 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-09-14 23:06 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-09-14 23:05 - 2015-05-08 19:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-09-14 22:55 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe

2015-09-14 22:55 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe

2015-09-14 22:55 - 2015-07-01 11:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2015-09-14 22:53 - 2015-05-04 18:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-09-14 22:53 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-09-14 22:53 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-09-14 22:53 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-09-14 22:53 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-09-14 12:48 - 2015-08-17 13:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-14 12:48 - 2015-08-17 13:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-14 12:48 - 2015-08-17 13:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-14 12:48 - 2015-08-17 13:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-14 12:48 - 2015-08-17 13:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-14 12:48 - 2015-08-17 13:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-14 12:48 - 2015-08-17 13:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-14 12:48 - 2015-08-17 13:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-09-14 12:48 - 2015-08-17 13:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-09-14 12:48 - 2015-08-17 13:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-09-14 12:48 - 2015-08-17 13:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-09-14 12:48 - 2015-08-17 13:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-11 22:18 - 2012-12-21 20:13 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000UA.job

2015-10-11 22:18 - 2007-12-05 21:26 - 01129170 _____ C:\Windows\WindowsUpdate.log

2015-10-11 22:15 - 2012-02-09 18:23 - 00267848 _____ C:\ProgramData\nvModes.dat

2015-10-11 22:15 - 2012-02-09 18:23 - 00267848 _____ C:\ProgramData\nvModes.001

2015-10-11 22:14 - 2012-11-18 12:09 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-11 22:14 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-11 22:14 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-10-11 22:13 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-10-11 22:12 - 2015-03-11 09:41 - 00000512 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-714856783-1908625882-2316339518-1000.job

2015-10-11 22:12 - 2006-11-02 09:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-10-11 21:41 - 2012-11-18 12:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-11 21:35 - 2012-04-08 11:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-10-11 19:18 - 2012-12-21 20:13 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000Core.job

2015-10-10 13:58 - 2006-11-02 07:18 - 00000000 ___RD C:\Users\Public

2015-10-09 21:19 - 2012-03-28 21:42 - 00000000 ____D C:\Users\mnar\AppData\Roaming\Malwarebytes

2015-10-09 21:19 - 2012-03-28 21:42 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-10-09 21:11 - 2012-04-12 21:18 - 00000000 ____D C:\ProgramData\38FDB89C-1EBD-4366-84B2-336D12CC3209

2015-10-09 21:10 - 2014-01-20 20:12 - 00000000 ____D C:\Users\mnar\AppData\Local\Citrix

2015-10-09 21:10 - 2012-04-01 10:08 - 00000000 ____D C:\Program Files\FileHippo.com

2015-10-09 21:02 - 2012-02-04 08:31 - 00000000 ____D C:\Users\mnar\AppData\Roaming\Mozilla

2015-10-09 21:00 - 2015-03-27 13:06 - 00000000 ____D C:\ProgramData\Citrix

2015-10-09 21:00 - 2014-01-20 20:12 - 00000000 ____D C:\Program Files\Citrix

2015-09-28 20:36 - 2012-04-08 11:23 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-09-28 20:36 - 2012-02-04 08:38 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-09-28 20:08 - 2012-11-18 12:11 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-09-28 19:42 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache

2015-09-28 19:42 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET

2015-09-28 18:49 - 2006-11-02 06:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI

2015-09-28 18:48 - 2012-11-18 12:09 - 00000000 ____D C:\Users\mnar\AppData\Local\Google

2015-09-28 18:40 - 2006-11-02 08:47 - 00318648 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-28 18:37 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer

2015-09-28 18:37 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-15 01:03 - 2007-10-22 16:36 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-09-15 00:55 - 2012-02-03 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-09-15 00:54 - 2012-02-03 13:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-09-15 00:44 - 2012-02-18 09:57 - 00001945 _____ C:\Windows\epplauncher.mif

2015-09-15 00:44 - 2007-01-01 00:25 - 00001826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-09-15 00:43 - 2012-02-18 09:55 - 00000000 ____D C:\Program Files\Microsoft Security Client

2015-09-14 23:36 - 2013-08-15 00:03 - 00000000 ____D C:\Windows\system32\MRT

2015-09-14 18:05 - 2012-03-31 18:14 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2015-09-14 17:58 - 2012-02-02 22:13 - 00000000 ____D C:\Users\mnar\AppData\Roaming\Macromedia

2015-09-14 16:36 - 2012-03-21 07:06 - 00000000 ____D C:\New Folder

 

==================== Files in the root of some directories =======

 

2014-09-18 10:41 - 2015-09-09 18:35 - 0000093 _____ () C:\Users\mnar\AppData\Roaming\ARCompanion.log

2013-07-04 09:04 - 2014-04-13 08:58 - 0000954 _____ () C:\Users\mnar\AppData\Roaming\coreavc.ini

2012-02-03 16:48 - 2012-02-09 17:56 - 0051528 _____ () C:\Users\mnar\AppData\Roaming\nvModes.001

2012-02-03 16:48 - 2012-02-08 16:21 - 0051528 _____ () C:\Users\mnar\AppData\Roaming\nvModes.dat

2012-03-03 10:31 - 2012-04-01 09:39 - 0003384 _____ () C:\Users\mnar\AppData\Roaming\wklnhst.dat

2012-02-02 22:16 - 2012-02-02 22:16 - 0000000 _____ () C:\Users\mnar\AppData\Local\AtStart.txt

2012-02-03 08:57 - 2012-02-28 07:20 - 0006944 _____ () C:\Users\mnar\AppData\Local\d3d9caps.dat

2012-04-02 21:50 - 2014-02-03 21:52 - 0005120 _____ () C:\Users\mnar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-02-02 22:16 - 2012-02-02 22:16 - 0000000 _____ () C:\Users\mnar\AppData\Local\DSwitch.txt

2012-02-19 18:04 - 2013-04-13 14:47 - 0000000 _____ () C:\Users\mnar\AppData\Local\FnF4.txt

2012-02-02 22:16 - 2012-02-02 22:16 - 0000000 _____ () C:\Users\mnar\AppData\Local\QSwitch.txt

2007-10-22 16:40 - 2015-01-01 09:50 - 0005868 _____ () C:\ProgramData\hpzinstall.log

2012-03-30 00:00 - 2014-12-08 09:47 - 0001177 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2012-02-09 18:23 - 2015-10-11 22:15 - 0267848 _____ () C:\ProgramData\nvModes.001

2012-02-09 18:23 - 2015-10-11 22:15 - 0267848 _____ () C:\ProgramData\nvModes.dat

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-10-11 22:19

 

==================== End of FRST.txt ============================

[amy0299]

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-10-2015 02

Ran by mnar (2015-10-11 22:32:23)

Running from C:\Users\mnar\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2007-12-06 01:28:50)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-714856783-1908625882-2316339518-500 - Administrator - Disabled)

Guest (S-1-5-21-714856783-1908625882-2316339518-501 - Limited - Disabled)

mnar (S-1-5-21-714856783-1908625882-2316339518-1000 - Administrator - Enabled) => C:\Users\mnar

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden

4660_4680_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)

Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)

Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)

Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)

BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden

bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden

Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation)

BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)

CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1002 - CyberLink Corp.)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden

DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden

DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden

DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.)

EA Link (HKLM\...\InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}) (Version: 3.1.1.4 - Electronic Arts)

EA Link (Version: 3.1.1.4 - Electronic Arts) Hidden

ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)

ESU for Microsoft Vista (HKLM\...\{68471BF2-F1F7-4C89-BBBA-400B94996596}) (Version: 2.0.10.1 - Hewlett-Packard)

eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden

FoneSync (HKLM\...\FoneSync) (Version:  - )

Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden

GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)

GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden

Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.)

HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden

Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden

Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden

HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)

HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)

HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)

HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)

HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)

HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)

HP Help and Support (HKLM\...\{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}) (Version: 1.5.1 - Hewlett-Packard)

HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)

HP Officejet All-In-One Series (HKLM\...\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}) (Version: 1.0 - HP)

HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)

HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)

HP QuickPlay 3.6 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )

HP QuickTouch 1.00 C4 (HKLM\...\{7DC4A410-9986-4329-9E5D-687B2C42CA39}) (Version: 1.0.7 - Hewlett-Packard)

HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)

HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)

HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)

HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)

HP User Guides 0087 (HKLM\...\{4D49757C-367A-4333-BDB3-68966162B14E}) (Version: 1.02.0000 - Hewlett-Packard )

HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard)

HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)

HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden

hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden

HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden

J4680 (Version: 50.0.165.000 - Hewlett-Packard) Hidden

Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)

Java™ 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)

Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)

JavaFX 2.0.3 (HKLM\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2128 - CyberLink Corp.)

LAV Filters 0.55.3 (HKLM\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Money 2001 (HKLM\...\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}) (Version: 9.0.0.0 - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Microsoft Works 2001 Setup Launcher (HKLM\...\Works2001Setup) (Version:  - )

Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}) (Version: 2.0.0.0000 - Microsoft Corporation)

Mozilla Firefox 19.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 19.0.2 (x86 en-US)) (Version: 19.0.2 - Mozilla)

MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.9 - Hewlett-Packard)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

muvee autoProducer 6.1 (HKLM\...\{250E9609-E830-43EB-B379-DAB7546A2422}) (Version: 6.10.050 - muvee Technologies)

My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)

NetDeviceManager (Version: 100.0.170.000 - Hewlett-Packard) Hidden

NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)

OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)

Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3327 - CyberLink Corp.)

PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2129 - CyberLink Corp.)

PowerDirector (Version: 6.5.2129 - CyberLink Corp.) Hidden

ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden

PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden

QuickPlay SlingPlayer 0.4.4 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.4 - SlingMedia)

RabbitTV (HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\6c2290d276fa0f0d) (Version: 1.0.0.8 - RabbitTV.com)

Revo Uninstaller Pro 2.5.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )

Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)

Samsung Kies3 (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden

Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden

Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)

Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Slingbox Flash Tour (HKLM\...\{38EAC694-0D90-445F-8C17-8B50ADFE3162}) (Version: 1.0.0 - Sling Media)

SlingPlayer (HKLM\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)

SlingPlayer (Version: 1.04.0206 - Sling Media) Hidden

SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden

SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden

Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Tableau 8.3 (8300.15.0114.2230) (32-bit) (HKLM\...\{D924C15D-B674-4D90-A0ED-889ADB9B99E8}) (Version: 8.3.1412 - Tableau Software)

The Sims™ Life Stories (HKLM\...\{2284D904-C138-4B58-93EC-5C362AB5130A}) (Version: 1.00.0000 - Electronic Arts)

Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden

TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden

TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)

TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

Unity Web Player (HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Video to Video (HKLM\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version:  - Media Converters)

VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden

VIP Access (HKLM\...\{97C89A11-9AD7-49CE-9F90-54BF075623CE}) (Version: 2.1.1.34 - Symantec Corporation)

Vongo (HKLM\...\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}) (Version: 1.51.40 - Starz)

WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden

WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden

Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden

乐视视频 V7.0.5.244 (HKLM\...\乐视视频) (Version: V7.0.5.244 - 乐视网信息技术（北京）股份有限公司.)

快播 5.20.241 (HKLM\...\QvodPlayer) (Version: 5.20.241 - Shenzhen Qvod Technology Co.,Ltd)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{02E2D748-67F8-48B4-8AB4-0A085374BB99}\InprocServer32 -> C:\Program Files\QvodPlayer\Allplugin.dll (Shenzhen QVOD Technology Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\mnar\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\mnar\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{7B94F0F0-7CDD-11D3-9B96-00105AA4504D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pmasdskr.dll ()

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2331\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\mnar\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{8cbf578d-51ae-534c-a7c3-6aef0845f574}\InprocServer32 -> C:\Program Files\Letv\letvlive\npBase.dll (letv)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\mnar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{E5D0E06D-5309-11D1-A1F0-0000F875A2F0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mscps.dll ()

CustomCLSID: HKU\S-1-5-21-714856783-1908625882-2316339518-1000_Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\InprocServer32 -> C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)

 

==================== Restore Points =========================

 

09-09-2015 18:05:31 Installed NetScaler Gateway Plug-in

09-09-2015 19:07:35 Device Driver Package Install: Citrix Systems Inc. Citrix USB Devices

14-09-2015 13:15:37 Scheduled Checkpoint

14-09-2015 22:52:37 Windows Update

28-09-2015 19:22:54 Windows Update

29-09-2015 21:48:47 Scheduled Checkpoint

03-10-2015 10:22:50 Windows Update

04-10-2015 17:29:12 Scheduled Checkpoint

06-10-2015 17:17:18 Scheduled Checkpoint

07-10-2015 22:46:30 Windows Update

09-10-2015 21:01:09 Removed NetScaler Gateway Plug-in

09-10-2015 21:09:35 Removed Citrix Online Launcher

09-10-2015 21:11:00 Removed GEAR driver installer 4.019

09-10-2015 21:12:37 Removed HP Product Detection

09-10-2015 21:13:24 Removed HP Product Detection

10-10-2015 13:54:19 JRT Pre-Junkware Removal

10-10-2015 16:23:18 Checkpoint by HitmanPro

10-10-2015 16:27:01 Checkpoint by HitmanPro

11-10-2015 10:51:43 Windows Update

11-10-2015 19:01:31 Restore Point Created by FRST

11-10-2015 19:15:40 JRT Pre-Junkware Removal

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 06:23 - 2015-10-11 19:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {001EEF8D-50E1-40FF-AED9-7C9192D95C32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-09] (Google Inc.)

Task: {02F66216-CCE2-4BCF-A205-F31F57951ACB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-09] (Google Inc.)

Task: {0EABD965-47A0-40DC-8CB8-F70291FFA082} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)

Task: {14DEFE17-9DD4-4BA5-9A85-E6B0BA2DC7CA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-28] (Adobe Systems Incorporated)

Task: {2177436A-4B37-4431-A6F8-CF1E18C6BF6F} - System32\Tasks\{97475681-0A95-422A-B354-A176E71499EC} => pcalua.exe -a C:\Users\mnar\Downloads\sp41675.exe -d "C:\Program Files\Mozilla Firefox"

Task: {2420E39C-62AE-4CA7-B401-D9102434B119} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {24805DED-F138-4791-89BD-D8DB7AE42CA1} - System32\Tasks\{65C81E28-8840-4EC2-A976-701DD0C2B078} => pcalua.exe -a "C:\Program Files\AIM6\uninst.exe"

Task: {2B3409D9-4939-40FC-AD77-95E9A70F89C6} - System32\Tasks\{80D42F87-9111-4D0C-96C7-E691419A3942} => Iexplore.exe http://ui.skype.com/...#38;page=tsBing

Task: {2DDE714F-7017-414F-B8BC-CF29D2E618C1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)

Task: {301929A3-9FF2-4D63-982A-90A1FAC19FED} - System32\Tasks\G2MUploadTask-S-1-5-21-714856783-1908625882-2316339518-1000 => C:\Program Files\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-29] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {36F3FFCD-24AC-4AAF-AA2E-19487139C519} - System32\Tasks\{D1D4B339-1319-4BD4-8583-A7DF67993480} => pcalua.exe -a C:\Users\mnar\Downloads\sp56954.exe -d C:\Users\mnar\Downloads

Task: {54E4B634-87C2-44F5-8F1E-AA9294BCE64A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000Core => C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21] (Facebook Inc.)

Task: {9D794DE5-3DB2-40CA-91C5-0DB3D97CD68B} - System32\Tasks\G2MUpdateTask-S-1-5-21-714856783-1908625882-2316339518-1000 => C:\Program Files\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-29] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {B496EE04-F1DB-410D-AE0B-112ED55A6823} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000UA => C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21] (Facebook Inc.)

Task: {D3283A85-52BD-40FC-A604-16CAF15E7911} - System32\Tasks\{44CE804F-6F50-456B-BBEB-1F5585CEB9C7} => pcalua.exe -a E:\setup.exe -d E:\

Task: {FAAD79FC-ECF5-4D81-AC0C-18C1474722A9} - System32\Tasks\{F771CB33-84AE-45EC-90DB-423EBBBF0AA6} => pcalua.exe -a C:\Users\mnar\Downloads\QvodSetup5.exe -d C:\Users\mnar

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000Core.job => C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-714856783-1908625882-2316339518-1000UA.job => C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-714856783-1908625882-2316339518-1000.job => C:\Program Files\Citrix\GoToMeeting\3499\g2mupdate.exe

Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-714856783-1908625882-2316339518-1000.job => C:\Program Files\Citrix\GoToMeeting\3499\g2mupload.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2007-10-22 16:48 - 2007-01-09 06:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-714856783-1908625882-2316339518-1000\...\intuit.com -> hxxps://ttlc.intuit.com

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-714856783-1908625882-2316339518-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HPRadiance.jpg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: HP Health Check Service => 2

MSCONFIG\Services: hpqddsvc => 2

MSCONFIG\Services: hpqwmiex => 2

MSCONFIG\Services: IntuitUpdateServiceV4 => 2

MSCONFIG\Services: McComponentHostService => 3

MSCONFIG\Services: QPCapSvc => 2

MSCONFIG\Services: QPSched => 2

MSCONFIG\Services: QWAVE => 3

MSCONFIG\Services: SOSOUpSvc => 2

MSCONFIG\Services: VIPAppService => 2

MSCONFIG\Services: Vongo Service => 3

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\Windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk => C:\Windows\pss\Vongo Tray.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^mnar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\Windows\pss\Citrix Receiver.lnk.Startup

MSCONFIG\startupfolder: C:^Users^mnar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\Windows\pss\ERUNT AutoBackup.lnk.Startup

MSCONFIG\startupfolder: C:^Users^mnar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk => C:\Windows\pss\PPS.lnk.Startup

MSCONFIG\startupfolder: C:^Users^mnar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^爱奇艺PPS影音.lnk => C:\Windows\pss\爱奇艺PPS影音.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\mnar\AppData\Local\Akamai\netsession_win.exe"

MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

MSCONFIG\startupreg: Facebook Update => "C:\Users\mnar\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: HCDNClient => "C:\Program Files\IQIYI Video\Common\HCDNClient.exe" -shell_start

MSCONFIG\startupreg: HP Health Check Scheduler => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

MSCONFIG\startupreg: LetvHClient => C:\Program Files\Letv\letvlive\LetvHClient.exe

MSCONFIG\startupreg: Loader => C:\Program Files\Letv\letvlive\LeTVLoader.exe #mini

MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files\Microsoft Works\WkDetect.exe

MSCONFIG\startupreg: MoneyAgent => "C:\Program Files\Microsoft Money\System\Money Express.exe"

MSCONFIG\startupreg: MoneyStartUp => C:\Program Files\Microsoft Money\System\Money Startup.exe

MSCONFIG\startupreg: OnScreenDisplay => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

MSCONFIG\startupreg: PPS Accelerator => D:\PPS.tv\PPStream\PPSKernel.exe

MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"

MSCONFIG\startupreg: QvodTerminal => "C:\Program Files\QvodPlayer\QvodTerminal.exe" -autorun

MSCONFIG\startupreg: QyClient => "C:\Program Files\IQIYI Video\PStyle\QyClient.exe" autostart

MSCONFIG\startupreg: QyKernel => C:\Program Files\IQIYI Video\LStyle\QyKernel.exe

MSCONFIG\startupreg: Redirector => "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: WAWifiMessage => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

MSCONFIG\startupreg: WorksFUD => C:\Program Files\Microsoft Works\wkfud.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [EarthLink2] => (Allow) C:\Program Files\earthlink totalaccess\taskpanl.exe

FirewallRules: [EarthLink1] => (Allow) C:\Program Files\earthlink totalaccess\taskpanl.exe

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

DomainProfile\AuthorizedApplications: [] => 

DomainProfile\AuthorizedApplications: [C:\Program Files\Vongo\VongoService.exe] => enabled:VongoService

StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink

 

==================== Faulty Device Manager Devices =============

 

Name: Officejet J4680 series

Description: Officejet J4680 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP Color LaserJet 3600

Description: HP Color LaserJet 3600

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet J4680 series

Description: Officejet J4680 series

Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/11/2015 07:01:27 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {48729bf5-cea8-4e22-8c5e-7472f539872b}

 

Error: (10/11/2015 06:38:23 PM) (Source: MsiInstaller) (EventID: 11706) (User: mnar-PC)

Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

 

Error: (10/10/2015 08:10:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MNAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YM43EIHF.DEFAULT\CACHE\F> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (10/10/2015 08:10:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MNAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YM43EIHF.DEFAULT\CACHE\E> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (10/10/2015 08:10:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MNAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YM43EIHF.DEFAULT\CACHE\D> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (10/10/2015 08:08:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MNAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YM43EIHF.DEFAULT\CACHE\C> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (10/10/2015 08:08:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MNAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YM43EIHF.DEFAULT\CACHE\B> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (10/10/2015 08:08:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MNAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YM43EIHF.DEFAULT\CACHE\A> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (10/10/2015 08:08:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MNAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YM43EIHF.DEFAULT\CACHE\9> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (10/10/2015 08:08:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MNAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YM43EIHF.DEFAULT\CACHE\8> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

 

System errors:

=============

Error: (10/11/2015 10:15:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (10/11/2015 10:15:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Parallel port driver%%1058

 

Error: (10/11/2015 10:12:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: C:\Windows\System32\bcmihvsrv.dll

 

Error: (10/11/2015 10:12:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: C:\Windows\System32\bcmihvsrv.dll

 

Error: (10/11/2015 10:12:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: C:\Windows\System32\bcmihvsrv.dll

 

Error: (10/11/2015 10:12:06 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: 1Restart the serviceWindows Search%%1056

 

Error: (10/11/2015 10:11:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Software Licensing23000001Restart the service

 

Error: (10/11/2015 10:11:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Windows Media Player Network Sharing Service2300001Restart the service

 

Error: (10/11/2015 10:11:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Windows Live ID Sign-in Assistant2100001Restart the service

 

Error: (10/11/2015 10:11:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Windows Search1300001Restart the service

 

 

CodeIntegrity:

===================================

  Date: 2015-10-11 22:32:08.457

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-11 22:32:07.168

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-11 22:32:05.900

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-11 22:32:04.612

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-11 22:32:02.860

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-11 22:32:01.565

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-11 22:32:00.284

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-11 22:31:58.996

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-11 22:31:08.488

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-11 22:31:07.223

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: AMD Turion™ 64 X2 Mobile Technology TL-60

Percentage of memory in use: 52%

Total physical RAM: 1982.18 MB

Available physical RAM: 933.01 MB

Total Virtual: 4212.81 MB

Available Virtual: 3121.75 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:220.95 GB) (Free:113.72 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (HP_RECOVERY) (Fixed) (Total:11.93 GB) (Free:0.61 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (DWA-642) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: BE132B4A)

Partition 1: (Active) - (Size=220.9 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

 

 

 

Thanks!

[pystryker]

Hi, let's run a sweep for remnants and check for any out of date programs on your machine.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes


Start Malwarebytes Anti-Malware and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.




Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->

• Select the option YES, I accept the Terms of Use then click on Start
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology
• Now click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• Now click on Finish
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:

• ESET Scan Log
• MBAM Log
• SecurityCheck Log
• How is the machine running?

[amy0299]

Hi,

Below are the scan results. I will restart and post the result on how the machine is running shortly. Thanks!

 

1) MBAM Log:

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 10/13/2015

Scan Time: 2:59:12 AM

Logfile: MBAM log.txt

Administrator: Yes

 

Version: 2.1.8.1057

Malware Database: v2015.10.13.01

Rootkit Database: v2015.10.06.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows Vista Service Pack 2

CPU: x86

File System: NTFS

User: mnar

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 329036

Time Elapsed: 1 hr, 3 min, 44 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

 

 

 

 

 

2) ESET Scan Log:

 

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=8a633a9bf86f6649af576e058fa42065

# end=init

# utc_time=2015-10-13 02:37:22

# local_time=2015-10-12 10:37:22 (-0500, Eastern Daylight Time)

# country="United States"

# osver=6.0.6002 NT Service Pack 2

Update Init

Update Download

Update Finalize

Updated modules version: 26204

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=8a633a9bf86f6649af576e058fa42065

# end=updated

# utc_time=2015-10-13 02:44:13

# local_time=2015-10-12 10:44:13 (-0500, Eastern Daylight Time)

# country="United States"

# osver=6.0.6002 NT Service Pack 2

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=8a633a9bf86f6649af576e058fa42065

# engine=26204

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2015-10-13 08:34:50

# local_time=2015-10-13 04:34:50 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 1511470 138794894 0 0

# scanned=226199

# found=4

# cleaned=0

# scan_time=21036

sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\mnar\Documents\Downloads\ccsetup414 (1).exe"

sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\mnar\Documents\Downloads\ccsetup414.exe"

sh=3D9464ED38C43E961441DC714B26D51DCF514716 ft=1 fh=f92c756cab506389 vn="multiple threats" ac=I fn="C:\Users\mnar\Documents\Downloads\ErrorEND_Pro_Installer(1).exe"

sh=3D9464ED38C43E961441DC714B26D51DCF514716 ft=1 fh=f92c756cab506389 vn="multiple threats" ac=I fn="C:\Users\mnar\Documents\Downloads\ErrorEND_Pro_Installer.exe"

 

 

 

3)  Results of screen317's Security Check version 1.009  

 Windows Vista Service Pack 2 x86 (UAC is disabled!)  

 Internet Explorer 9  

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 CCleaner     

 JavaFX 2.0.3    

 Java™ 6 Update 30  

 Java 7 Update 45  

 Java™ 6 Update 2  

 Java version 32-bit out of Date! 

 Adobe Flash Player 19.0.0.185  

 Adobe Reader 10.1.15 Adobe Reader out of Date!  

 Mozilla Firefox 19.0.2 Firefox out of Date!  

 Google Chrome (45.0.2454.101) 

 Google Chrome (45.0.2454.85) 

 Google Chrome (plugins...) 

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0 % 

````````````````````End of Log`````````````````````` 

[amy0299]

The machine is running a little faster than before. And do not see the hijacked website comes up. Thanks!

[pystryker]

The machine is running a little faster than before. And do not see the hijacked website comes up. Thanks!

You're welcome. Let's remove my tools and create a new, clean restore point on your machine so if you have to do a system restore at some point, you won't have to use a malware infected one.


Step 1: Tool Removal with Delfix and Creation of a clean restore point

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  • Reset System Settings
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

• You can uninstall ESET Online Scanner at this time.
• I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Step 2: Tips, Information, and Optional Installation of Unchecky

• Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
• Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
• Be careful of the websites you visit.
• When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go.

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

• Click here to be taken to Unchecky.com
• Click the very large Download button.
• Click Save
• Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
• Once open, click the Install button.

Then click Finish




Unchecky is now installed and will help you keep unwanted check boxes unchecked.


Things I need to see in your next post

Delfix Log

[amy0299]

Thank you so much for the tips! Below is the Delfx log:

 

# DelFix v1.010 - Logfile created 13/10/2015 at 22:37:23

# Updated 26/04/2015 by Xplode

# Username : mnar - MNAR-PC

# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\_OTL

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\Users\mnar\Desktop\FRST-OlderVersion

Deleted : C:\TDSSKiller.2.7.23.0_28.03.2012_21.00.18_log.txt

Deleted : C:\Users\mnar\Desktop\Addition.txt

Deleted : C:\Users\mnar\Desktop\adwcleaner_5.013.exe

Deleted : C:\Users\mnar\Desktop\esetsmartinstaller_enu.exe

Deleted : C:\Users\mnar\Desktop\Fixlog.txt

Deleted : C:\Users\mnar\Desktop\FRST.exe

Deleted : C:\Users\mnar\Desktop\FRST.txt

Deleted : C:\Users\mnar\Desktop\FRST64.exe

Deleted : C:\Users\mnar\Desktop\JRT.exe

Deleted : C:\Users\mnar\Desktop\JRT.txt

Deleted : C:\Users\mnar\Desktop\SecurityCheck.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #704 [Scheduled Checkpoint | 09/14/2015 17:15:37]

Deleted : RP #705 [Windows Update | 09/15/2015 02:52:37]

Deleted : RP #706 [Windows Update | 09/28/2015 23:22:54]

Deleted : RP #707 [Scheduled Checkpoint | 09/30/2015 01:48:47]

Deleted : RP #708 [Windows Update | 10/03/2015 14:22:50]

Deleted : RP #709 [Scheduled Checkpoint | 10/04/2015 21:29:12]

Deleted : RP #710 [Scheduled Checkpoint | 10/06/2015 21:17:18]

Deleted : RP #711 [Windows Update | 10/08/2015 02:46:30]

Deleted : RP #712 [Removed NetScaler Gateway Plug-in | 10/10/2015 01:01:09]

Deleted : RP #713 [Removed Citrix Online Launcher | 10/10/2015 01:09:35]

Deleted : RP #714 [Removed GEAR driver installer 4.019 | 10/10/2015 01:11:00]

Deleted : RP #715 [Removed HP Product Detection | 10/10/2015 01:12:37]

Deleted : RP #716 [Removed HP Product Detection | 10/10/2015 01:13:24]

Deleted : RP #717 [JRT Pre-Junkware Removal | 10/10/2015 17:54:19]

Deleted : RP #718 [Checkpoint by HitmanPro | 10/10/2015 20:23:18]

Deleted : RP #719 [Checkpoint by HitmanPro | 10/10/2015 20:27:01]

Deleted : RP #720 [Windows Update | 10/11/2015 14:51:43]

Deleted : RP #722 [Restore Point Created by FRST | 10/11/2015 23:01:31]

Deleted : RP #723 [JRT Pre-Junkware Removal | 10/11/2015 23:15:40]

Deleted : RP #724 [Scheduled Checkpoint | 10/13/2015 09:44:58]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########