Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC freezes and cannot delete SlimCleaner Plus [Closed]


  • This topic is locked This topic is locked

#1
hichicha

hichicha

    Member

  • Member
  • PipPip
  • 10 posts

The PC starts freezing about 5 minutes after computer is turned on with no response from any windows. It looks like SlimCleaner Plus and other related malware were somehow put onto the computer about a week ago. I followed the steps outlined on malwaretips.com (https://malwaretips....driverupdate-a/ and https://malwaretips....mcleaner-plus/) but was not successful in deleting SlimCleaner Plus. I'm not sure how to proceed at this point. Any help would be greatly appreciated. Thank you. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Marianna (administrator) on MARIANNA-PC (05-12-2015 13:42:25)
Running from C:\Users\Marianna\Desktop
Loaded Profiles: Marianna (Available Profiles: Marianna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Marianna\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PAC207_Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\Antimalware\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avast5] => "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Run: [cdloader] => C:\Users\Marianna\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Run: [Facebook Update] => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-06] (Facebook Inc.)
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [30223 2015-12-01] ()
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: {8e8fc057-b51d-11e2-8ad7-90e6ba04f921} - F:\iStudio.exe
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: {a0697562-ed91-11de-98ff-90e6ba04f921} - H:\LaunchU3.exe -a
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-923862711-2733204016-223384989-1000\$e43f0e7d1b49cb0461ebd68268d989d5\n.ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0E302306-C0A6-409A-86F5-31F881995E46}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
URLSearchHook: HKLM-x32 - Games.com Toolbar Search Class - {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
URLSearchHook: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> Default = {f78bf7a8-cf12-4de7-a6da-c463d1b539a7}
URLSearchHook: HKU\S-1-5-21-923862711-2733204016-223384989-1000 - Games.com Toolbar Search Class - {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
SearchScopes: HKLM -> DefaultScope {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = 
SearchScopes: HKLM-x32 -> {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> {60E20E80-61BB-49CC-A8A9-56FB7858682C} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}853178
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-09] (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-09] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://ssl.water.ca.gov/dana-cached/sc/JuniperSetupClient.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll [2012-08-16] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-923862711-2733204016-223384989-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marianna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-09] (Apple Inc.)
FF Extension: No Name - C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default\extensions\[email protected] [not found]
FF Extension: Avira Browser Safety - C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default\Extensions\[email protected] [2015-10-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-10-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll => No File
CHR Plugin: (Java™ Platform SE 6 U16) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gears.dll => No File
CHR Plugin: (PlaySushi Textlinks Plugin) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncciponkgfpkhdpcnllnbkmocnajkcf\nppstl.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll => No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Marianna\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Profile: C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (CrushArcade) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhjnmacgahapmnnifmneapinilajfol [2015-12-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [knbjpbhhfkoodogjcbjemoaidadolapp] - C:\Users\Marianna\AppData\Local\FizzPlatinum\platinum.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-12-01] (SurfRight B.V.)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [934760 2012-03-27] (Apple Inc.)
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-22] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-12-01] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [686592 2008-02-13] (PixArt Imaging Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-05 13:42 - 2015-12-05 13:43 - 00022738 _____ C:\Users\Marianna\Desktop\FRST.txt
2015-12-05 13:42 - 2015-12-05 13:42 - 00000000 ____D C:\FRST
2015-12-05 13:40 - 2015-12-05 13:40 - 02369024 _____ (Farbar) C:\Users\Marianna\Desktop\FRST64 (1).exe
2015-12-02 20:57 - 2015-12-02 20:57 - 00000000 ____D C:\Users\Marianna\Documents\Documents Folder
2015-12-02 20:36 - 2015-12-02 20:36 - 00000000 ____D C:\ProgramData\Trymedia
2015-12-01 21:44 - 2015-12-01 21:44 - 00001083 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\Users\Marianna\AppData\Local\VS Revo Group
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\Program Files\VS Revo Group
2015-12-01 21:44 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-12-01 21:40 - 2015-12-01 21:40 - 00000000 ____D C:\Program Files (x86)\Roblox
2015-12-01 21:29 - 2015-12-01 21:29 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-12-01 21:28 - 2015-12-01 21:28 - 00014032 _____ C:\Windows\system32\.crusader
2015-12-01 21:15 - 2015-12-01 21:15 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-12-01 21:15 - 2015-12-01 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-12-01 21:15 - 2015-12-01 21:15 - 00000000 ____D C:\Program Files\HitmanPro
2015-12-01 21:13 - 2015-12-01 21:29 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-01 20:40 - 2015-12-01 20:40 - 00001656 _____ C:\Users\Marianna\Desktop\JRT.txt
2015-12-01 20:31 - 2015-12-01 20:36 - 00000000 ____D C:\AdwCleaner
2015-12-01 20:08 - 2015-12-01 20:41 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-27 18:15 - 2015-11-27 18:15 - 00292512 _____ C:\Windows\Minidump\112715-36441-01.dmp
2015-11-23 18:04 - 2015-11-23 18:13 - 00000250 _____ C:\Users\Marianna\AppData\LocalLow\rbxcsettings.rbx
2015-11-23 18:04 - 2015-11-23 18:08 - 00000000 ____D C:\Users\Marianna\AppData\Local\Roblox
2015-11-21 19:26 - 2015-11-21 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-13 03:28 - 2015-11-27 08:47 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForMarianna.job
2015-11-13 03:28 - 2015-11-13 03:28 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarianna
2015-11-12 12:20 - 2015-11-03 09:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-10 21:46 - 2015-10-20 10:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-10 21:46 - 2015-10-20 10:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 21:46 - 2015-10-20 10:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-10 21:46 - 2015-10-20 10:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 21:46 - 2015-10-20 10:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-10 21:46 - 2015-10-20 09:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-10 21:45 - 2015-11-03 14:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-10 21:45 - 2015-11-03 13:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-10 21:45 - 2015-10-30 15:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 21:45 - 2015-10-30 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 21:45 - 2015-10-30 15:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-10 21:45 - 2015-10-30 15:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 21:45 - 2015-10-30 15:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 21:45 - 2015-10-30 15:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-10 21:45 - 2015-10-30 15:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-10 21:45 - 2015-10-30 15:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 21:45 - 2015-10-30 15:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-10 21:45 - 2015-10-30 15:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 21:45 - 2015-10-30 15:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-10 21:45 - 2015-10-30 15:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 21:45 - 2015-10-30 15:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-10 21:45 - 2015-10-30 15:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-10 21:45 - 2015-10-30 15:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 21:45 - 2015-10-30 15:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 21:45 - 2015-10-30 15:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-10 21:45 - 2015-10-30 15:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-10 21:45 - 2015-10-30 15:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 21:45 - 2015-10-30 14:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-10 21:45 - 2015-10-30 14:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 21:45 - 2015-10-30 14:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 21:45 - 2015-10-30 14:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-10 21:45 - 2015-10-30 14:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 21:45 - 2015-10-30 14:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 21:45 - 2015-10-30 14:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 21:45 - 2015-10-30 14:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-10 21:45 - 2015-10-30 14:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-10 21:45 - 2015-10-30 14:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-10 21:45 - 2015-10-30 14:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-10 21:45 - 2015-10-30 14:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-10 21:45 - 2015-10-30 14:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 21:45 - 2015-10-30 14:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-10 21:45 - 2015-10-30 14:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-10 21:45 - 2015-10-30 14:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-10 21:45 - 2015-10-30 14:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 21:45 - 2015-10-30 14:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-10 21:45 - 2015-10-30 14:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-10 21:45 - 2015-10-30 14:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-10 21:45 - 2015-10-30 14:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 21:45 - 2015-10-30 14:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 21:45 - 2015-10-30 14:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 21:45 - 2015-10-30 14:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-10 21:45 - 2015-10-30 14:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-10 21:45 - 2015-10-30 14:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-10 21:45 - 2015-10-30 14:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 21:45 - 2015-10-30 14:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-10 21:45 - 2015-10-30 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-10 21:45 - 2015-10-30 14:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-10 21:45 - 2015-10-30 14:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 21:45 - 2015-10-30 14:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-10 21:45 - 2015-10-30 14:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 21:45 - 2015-10-30 14:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-10 21:45 - 2015-10-30 14:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 21:45 - 2015-10-30 14:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 21:45 - 2015-10-30 14:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-10 21:45 - 2015-10-30 14:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-10 21:45 - 2015-10-30 14:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 21:45 - 2015-10-30 13:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 21:45 - 2015-10-30 13:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 21:45 - 2015-10-30 13:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 21:45 - 2015-10-30 13:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-10 21:45 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-10 21:45 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-10 21:45 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-10 21:45 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 21:45 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 21:45 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 21:45 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 21:45 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 21:44 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 21:44 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 21:44 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-10 21:44 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-10 21:44 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-10 21:44 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-10 21:44 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-10 21:44 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-10 21:44 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-10 21:44 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-10 21:44 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-10 21:44 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-10 21:44 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-10 21:44 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-10 21:44 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-10 21:44 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 21:44 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-10 21:44 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 21:44 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-10 21:44 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-10 21:44 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 21:44 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-10 21:44 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-10 21:44 - 2015-10-01 10:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-10 21:44 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-10 21:44 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 21:44 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 21:44 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-05 13:43 - 2009-12-07 10:44 - 00518348 _____ C:\Windows\ntbtlog.txt
2015-12-05 13:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-03 09:16 - 2009-07-13 20:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-03 09:16 - 2009-07-13 20:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-03 09:14 - 2010-06-12 11:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 09:13 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-02 21:17 - 2014-09-29 10:58 - 00000000 ____D C:\Mari's Samsung Photos
2015-12-02 21:05 - 2009-10-25 13:58 - 00000000 ____D C:\Users\Marianna
2015-12-02 20:50 - 2012-01-16 12:36 - 00000000 ____D C:\Users\Marianna\Desktop\2012-01 (Jan)
2015-12-02 20:45 - 2014-11-05 22:51 - 00000000 ____D C:\A - To be filed
2015-12-02 20:42 - 2014-11-08 19:22 - 00000000 __SHD C:\Users\Marianna\AppData\Local\EmieUserList
2015-12-02 20:42 - 2014-11-08 19:22 - 00000000 __SHD C:\Users\Marianna\AppData\Local\EmieSiteList
2015-12-02 20:37 - 2010-07-12 19:44 - 00000000 ____D C:\Xochitl
2015-12-02 20:35 - 2011-07-17 15:03 - 00000000 ____D C:\MomDocs
2015-12-02 20:09 - 2010-05-02 10:22 - 00000000 ____D C:\Matt-Itzia
2015-12-02 19:54 - 2009-07-13 21:13 - 00785882 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-02 19:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-01 21:41 - 2014-11-05 21:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-01 20:41 - 2014-11-05 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-01 20:41 - 2014-11-05 21:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-01 20:33 - 2009-12-10 13:38 - 00000000 ____D C:\Users\Marianna\AppData\LocalLow\Yahoo!
2015-12-01 20:06 - 2010-03-02 20:41 - 00000000 ____D C:\Users\Marianna\AppData\Local\ElevatedDiagnostics
2015-12-01 19:40 - 2014-11-08 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 19:36 - 2014-11-08 21:31 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 19:36 - 2014-11-08 21:31 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-12-01 19:36 - 2014-11-08 21:31 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-12-01 19:29 - 2010-06-12 11:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 19:24 - 2012-10-10 21:05 - 00000274 _____ C:\Windows\Tasks\PlayFizz.job
2015-11-28 17:24 - 2012-06-10 08:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-27 18:15 - 2010-10-04 23:48 - 487067489 _____ C:\Windows\MEMORY.DMP
2015-11-27 18:15 - 2010-10-04 23:48 - 00000000 ____D C:\Windows\Minidump
2015-11-27 14:32 - 2010-12-10 08:15 - 00000954 _____ C:\Users\Marianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-11-27 14:32 - 2009-10-25 14:44 - 00000000 ____D C:\Users\Marianna\AppData\Roaming\mjusbsp
2015-11-27 08:47 - 2009-07-13 20:45 - 00351824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-27 08:37 - 2009-08-21 18:58 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-27 08:37 - 2009-08-21 18:56 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-11-27 07:17 - 2013-08-06 21:12 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000UA.job
2015-11-26 22:17 - 2013-08-06 21:12 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000Core.job
2015-11-21 19:26 - 2009-08-21 18:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-21 19:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2015-11-21 19:01 - 2009-10-25 14:03 - 00086600 _____ C:\Users\Marianna\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-21 19:00 - 2009-08-21 18:41 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-21 18:47 - 2010-12-17 18:17 - 00000000 ____D C:\swsetup
2015-11-17 11:09 - 2015-08-04 09:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-17 11:09 - 2014-12-14 09:56 - 00001940 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-11 05:24 - 2012-06-10 08:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 05:24 - 2012-06-10 08:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 05:24 - 2011-08-12 19:43 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 04:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-11-11 04:02 - 2014-11-08 21:24 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-11 03:58 - 2015-11-03 08:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-11 03:58 - 2012-05-29 17:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-11 03:54 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 03:36 - 2013-08-14 02:03 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:23 - 2010-11-14 17:45 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 03:21 - 2009-10-25 16:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 03:09 - 2011-11-23 15:26 - 00778004 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-10 17:32 - 2015-01-09 11:56 - 00002068 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2011-05-13 21:10 - 2011-09-16 13:22 - 0001854 _____ () C:\Users\Marianna\AppData\Roaming\GhostObjGAFix.xml
2009-11-18 18:47 - 2013-10-28 12:12 - 0000004 _____ () C:\Users\Marianna\AppData\Roaming\wklnhst.dat
2014-02-22 22:16 - 2015-10-22 10:32 - 0005632 _____ () C:\Users\Marianna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-16 13:32 - 2012-09-16 13:32 - 0000036 _____ () C:\Users\Marianna\AppData\Local\housecall.guid.cache
2011-04-07 15:11 - 2011-04-07 15:11 - 3002471 _____ (MyWebSearch.com) C:\Users\Marianna\AppData\Local\mwsautSp.exe
2009-10-25 15:39 - 2010-06-16 20:20 - 0003680 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Marianna\AppData\Local\Temp\avgnt.exe
C:\Users\Marianna\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Marianna\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Marianna\AppData\Local\Temp\ose00000.exe
C:\Users\Marianna\AppData\Local\Temp\scp3725.tmp.exe
C:\Users\Marianna\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-11 04:41
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Marianna (2015-12-05 13:44:13)
Running from C:\Users\Marianna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-10-25 21:58:26)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-923862711-2733204016-223384989-500 - Administrator - Disabled)
Guest (S-1-5-21-923862711-2733204016-223384989-501 - Limited - Disabled)
Marianna (S-1-5-21-923862711-2733204016-223384989-1000 - Administrator - Enabled) => C:\Users\Marianna
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Out of date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Microsoft Security Essentials (Disabled - Out of date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcadeCandy (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\{6A2EF989-A524-48bf-985F-9D076B334980}) (Version: ac 1.3.273 - ArcadeCandy LLC) <==== ATTENTION
Are You Smarter than a 5th Grader - Make the Grade (x32 Version: 2.2.0.95 - WildTangent) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.125 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Balloon Blast (x32 Version: 2.2.0.95 - WildTangent) Hidden
Beezzle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Bejeweled Twist (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.1.46 - )
Bob the Builder - Can-Do Carnival (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - PopCap Games)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CIF USB Camera (HKLM-x32\...\{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}) (Version: 1.0.0.2 - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Concentration (remove only) (HKLM-x32\...\Concentration) (Version:  - )
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Diamond Drop 2 (HKLM-x32\...\BFG-Diamond Drop 2) (Version:  - )
Diego's Ultimate Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
DriverUpdate (HKLM-x32\...\{C6044CF6-833B-40A1-A1AE-499812ABB8EB}) (Version: 2.5.2 - Slimware Utilities Holdings, Inc.)
F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Games.com Toolbar (HKLM-x32\...\Games.com Toolbar) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{961034C0-58DF-11DF-97FD-005056806466}) (Version: 5.2.0.5932 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
H&R Block Deluxe + Efile + State 2009 (HKLM-x32\...\{53A19323-917A-4822-B27E-A57D1EF6E9FC}) (Version: 09.04.6901 - HRB Technology, LLC.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Juniper Networks Cache Cleaner 6.3.0 (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Juniper_Networks_Cache_Cleaner 6.3.0) (Version: 6.3.0.14121 - Juniper Networks)
Juniper Networks Host Checker (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Neoteris_Host_Checker) (Version: 7.1.7.20581 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 1.3.1.6 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Juniper_Setup_Client) (Version: 7.1.7.18795 - Juniper Networks, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
magicJack (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Mahjongg: Ancient Mayas (HKLM-x32\...\BFG-Mahjongg - Ancient Mayas) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 en-US)) (Version: 12.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PC Power Speed 1.1.0.36 (HKLM-x32\...\{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1) (Version: 1.1.0.36 - Crawler, LLC.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PIXresizer 2.0.4 (HKLM-x32\...\PIXresizer_is1) (Version:  - Bluefive software)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shop it Up! (x32 Version: 2.2.0.97 - WildTangent) Hidden
SlimCleaner Plus (HKLM\...\{FDBF32ED-3777-42C8-9272-380994F04EC9}) (Version: 2.5.0 - Slimware Utilities Holdings, Inc.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Super TextTwist (HKLM-x32\...\b6d996de41893bf1f3034c877caeda12) (Version:  - )
Super Yum Yum: Puzzle Adventures (x32 Version: 2.2.0.97 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.45.1000 - SUPERAntiSpyware.com)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
Word Power - The Green Revolution (x32 Version: 2.2.0.95 - WildTangent) Hidden
Word Zen (HKLM-x32\...\BFG-Word Zen) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-923862711-2733204016-223384989-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Marianna\AppData\Local\Roblox\Versions\version-cdc47f439edb4527\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-923862711-2733204016-223384989-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
 
==================== Restore Points =========================
 
10-11-2015 03:22:24 Windows Update
11-11-2015 03:01:00 Windows Update
13-11-2015 03:00:12 Windows Update
13-11-2015 22:16:23 HPSF Restore Point
17-11-2015 05:15:16 Windows Update
20-11-2015 13:35:48 Windows Update
21-11-2015 18:54:31 Installed HP Support Assistant
21-11-2015 19:11:42 Windows Modules Installer
21-11-2015 19:18:52 Windows Modules Installer
24-11-2015 12:06:56 Windows Update
01-12-2015 19:44:45 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {185E67C7-6CD3-40E7-94BB-0F456D38BB17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {1EEC7306-51E8-4431-B072-C09713FD0FAE} - System32\Tasks\{8CAF4BEC-4B0D-4E1D-BED5-3B401BB181D8} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {2D2BA482-D675-48E0-AD4F-4BA053107AE8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {37D9C362-EE09-4408-A25B-A5E3CC0DDACF} - System32\Tasks\{6C739D6D-0608-40E5-8BE1-7FF0892B3904} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {3E564FBD-E038-4168-8575-CA2A173FD942} - System32\Tasks\PlayFizz => C:\Users\Marianna\AppData\Local\FizzPlatinum\Updater.exe
Task: {53CE94EC-B65B-4B27-A01E-211A0F54D02E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {63D051F6-FA09-4C9B-BC85-A649A4C96AD0} - System32\Tasks\HPCeeScheduleForMarianna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {6A22CB7E-F9D7-4638-8569-301CF90483BA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000Core => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-06] (Facebook Inc.)
Task: {8EE947F1-734A-433A-9C6E-0A7F03047FF7} - \DriverUpdate Scan -> No File <==== ATTENTION
Task: {A04F5366-2048-4E86-860D-8714EC9FD1FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {A29AC07E-A4D1-4C5E-B65D-6D7B132086E9} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {A5B24EBE-7B4D-4E37-BB3F-380867B0029F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B1A6EA09-B8DF-492D-9F18-CBE723F688EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B25F5F08-A75B-4407-AD6B-7E2B708875AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {D2B22552-3109-4C29-BB06-E53E244E2DC2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000UA => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-06] (Facebook Inc.)
Task: {E2CE5732-CCB8-43C6-BC87-60262326DC7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E53036EC-BD13-4351-96F1-330CF8E33E30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000Core.job => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000UA.job => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarianna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\PlayFizz.job => C:\Users\Marianna\AppData\Local\FizzPlatinum\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-01 20:12 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-12-01 20:12 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-11-10 17:31 - 2015-11-06 20:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:01BEC24A
AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:598E8EA1
AlternateDataStreams: C:\ProgramData\Temp:C118E02A
AlternateDataStreams: C:\Users\Marianna\12 tax sifnature date.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Marianna\12 tax sifnature date.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Marianna\can tax sig 2012.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Marianna\can tax sig 2012.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Marianna\mari and victor con un millon.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Marianna\mari and victor con un millon.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-923862711-2733204016-223384989-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marianna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Marianna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk => C:\Windows\pss\DING!.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Marianna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: cdloader => "C:\Users\Marianna\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/01/2015 10:00:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - DriverUpdate; Error = 0x8007043c).
 
Error: (12/01/2015 09:57:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - SlimCleaner Plus; Error = 0x8007043c).
 
Error: (12/01/2015 09:52:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - DriverUpdate; Error = 0x8007043c).
 
Error: (12/01/2015 09:48:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - SlimCleaner Plus; Error = 0x8007043c).
 
Error: (12/01/2015 09:46:51 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - SlimCleaner Plus; Error = 0x8007043c).
 
Error: (12/01/2015 09:28:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marianna\Downloads\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).
 
Error: (12/01/2015 09:27:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marianna\Downloads\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).
 
Error: (12/01/2015 08:38:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marianna\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).
 
Error: (12/01/2015 07:30:36 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (12/01/2015 07:30:36 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
 
System errors:
=============
Error: (12/05/2015 01:29:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error: 
%%-2147017840
 
Error: (12/05/2015 01:29:09 PM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
 
Expiration Reason: %%873
 
Expiration Date (UTC): ‎12/‎5/‎2015 9:29:09 PM
 
Error Code: 0x80092003
 
Error Description: An error occurred while reading or writing to a file.
 
Error: (12/05/2015 01:29:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (12/05/2015 01:29:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (12/05/2015 01:28:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (12/05/2015 01:28:51 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/05/2015 01:28:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
avipbb
avkmgr
discache
MpFilter
SASDIFSV
SASKUTIL
spldr
Wanarpv6
 
Error: (12/05/2015 01:28:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: 
%%5
 
Error: (12/05/2015 01:28:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: 
%%5
 
Error: (12/05/2015 01:28:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: 
%%5
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 215 Processor
Percentage of memory in use: 41%
Total physical RAM: 2942.49 MB
Available physical RAM: 1724.48 MB
Total Virtual: 5883.19 MB
Available Virtual: 4631.6 MB
 
==================== Drives ================================
 
Drive c: (COMPAQ) (Fixed) (Total:454.76 GB) (Free:290.98 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:2.02 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by hichicha, 05 December 2015 - 04:37 PM.

  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello hichicha and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I need a little time to analyse your logs and will post a fix for you. :)

  • 0

#3
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Hichicha

Unfortunately your machine has been infected by a Zero Access infection which potentially can be pretty nasty so although it's possible to clean this please read the following advisory note:

Backdoor warning!

Unfortunately your machine has been compromised by a Zero Access Backdoor Trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files. My advice for this:
  • Disconnect this machine from the internet.
  • Change your online passwords from a well-known clean computer (not this one!).
  • It would be also wise to inform financial institutions about your situation -See Here.

    Many experts believe that the best action should be reformat and reinstall.
  • If you plan to rather reinstall your system, let me know if I could provide any help during that procedure.
  • If you wish to omit the reinstallation, just please proceed with the next steps.


    Step1 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   486bytes   118 downloads
  • Ensure fixlist.txt is in the same location as FRST64.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Run Malwarebytes Anti-rootkit
  • Download Malwarebytes Anti-Rootkit from here.
  • Run the file and follow the onscreen instructions to extract it to a location of your choosing (your desktop by default)
  • Malwarebytes Anti-Rootkit will then open, follow the instruction in the wizard to update and allow the program to scan your computer for threats
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so
  • Wait while the system shuts down and the cleanup process is performed
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
  • If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional: Internet access, Windows Update, Windows Firewall
  • If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit located within the 'Plugins' folder and reboot


    Step3 - Run fresh FRST logs
  • Please run Farbars Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


    Things for your next post:
  • fixlog.txt
  • mbar-log.txt and system-log.txt
  • FRST.txt and Addition.txt
  • How is your system running now - are you able to boot normally?

  • 0

#4
hichicha

hichicha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Thank you. I'll follow your instructions to clean and report back. 


  • 0

#5
hichicha

hichicha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Below you will find the fixlog.txt, two mbar-log.txts (one before and one after cleanup), system-log.txt, and a fresh FRST.txt and Addition.txt. 
 
When I ran FRST with the fixlist.txt, I thought I hadn't run it from the same location (desktop), so I ran it again. 
 
I was able to start up the computer normally (not in safe mode) and nothing froze at first. However, the Windows Explorer folder stopped responding. The internet worked. The "Desktop" files will only show up in a "Desktop" folder in Windows Explorer and not actually on the desktop. There's also a file or application that sits on the task bar that when you click on it says it's been removed. Right before I was going to turn off the computer, the windows froze and it looks like I'm back where I started. 

 

 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Marianna (2015-12-07 12:10:37) Run:2
Running from C:\Users\Marianna\Desktop
Loaded Profiles: Marianna (Available Profiles: Marianna)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-923862711-2733204016-223384989-1000\$e43f0e7d1b49cb0461ebd68268d989d5\n.ATTENTION! ====> ZeroAccess?
CustomCLSID: HKU\S-1-5-21-923862711-2733204016-223384989-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
Hosts:
EmptyTemp: 
 
*****************
 
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
HKU\S-1-5-21-923862711-2733204016-223384989-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => key not found. 
HKU\S-1-5-21-923862711-2733204016-223384989-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => key not found. 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 10.4 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:10:39 ====
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Marianna (administrator) on MARIANNA-PC (07-12-2015 13:23:31)
Running from C:\Users\Marianna\Desktop
Loaded Profiles: Marianna (Available Profiles: Marianna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac207\Monitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PAC207_Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\Antimalware\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avast5] => "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Run: [cdloader] => C:\Users\Marianna\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Run: [Facebook Update] => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-06] (Facebook Inc.)
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: {8e8fc057-b51d-11e2-8ad7-90e6ba04f921} - F:\iStudio.exe
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: {a0697562-ed91-11de-98ff-90e6ba04f921} - H:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0E302306-C0A6-409A-86F5-31F881995E46}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
URLSearchHook: HKLM-x32 - Games.com Toolbar Search Class - {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
URLSearchHook: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> Default = {f78bf7a8-cf12-4de7-a6da-c463d1b539a7}
URLSearchHook: HKU\S-1-5-21-923862711-2733204016-223384989-1000 - Games.com Toolbar Search Class - {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
SearchScopes: HKLM -> DefaultScope {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = 
SearchScopes: HKLM-x32 -> {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> {60E20E80-61BB-49CC-A8A9-56FB7858682C} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}853178
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-09] (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-09] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://ssl.water.ca.gov/dana-cached/sc/JuniperSetupClient.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll [2012-08-16] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-923862711-2733204016-223384989-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marianna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-09] (Apple Inc.)
FF Extension: No Name - C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default\extensions\[email protected] [not found]
FF Extension: Avira Browser Safety - C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default\Extensions\[email protected] [2015-10-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-10-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll => No File
CHR Plugin: (Java™ Platform SE 6 U16) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gears.dll => No File
CHR Plugin: (PlaySushi Textlinks Plugin) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncciponkgfpkhdpcnllnbkmocnajkcf\nppstl.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll => No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Marianna\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Profile: C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (CrushArcade) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhjnmacgahapmnnifmneapinilajfol [2015-12-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [knbjpbhhfkoodogjcbjemoaidadolapp] - C:\Users\Marianna\AppData\Local\FizzPlatinum\platinum.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-12-01] (SurfRight B.V.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [934760 2012-03-27] (Apple Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-12-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [686592 2008-02-13] (PixArt Imaging Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-07 12:15 - 2015-12-07 13:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-07 12:14 - 2015-12-07 13:07 - 00000000 ____D C:\Users\Marianna\Desktop\mbar
2015-12-07 12:08 - 2015-12-07 12:08 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Marianna\Downloads\mbar-1.09.3.1001.exe
2015-12-07 11:54 - 2015-12-07 12:10 - 00001429 _____ C:\Users\Marianna\Desktop\Fixlog.txt
2015-12-05 21:30 - 2015-12-05 21:30 - 00001963 _____ C:\new.txt
2015-12-05 13:44 - 2015-12-05 13:46 - 00035399 _____ C:\Users\Marianna\Desktop\Addition.txt
2015-12-05 13:42 - 2015-12-07 13:23 - 00024750 _____ C:\Users\Marianna\Desktop\FRST.txt
2015-12-05 13:42 - 2015-12-07 13:23 - 00000000 ____D C:\FRST
2015-12-05 13:40 - 2015-12-05 13:40 - 02369024 _____ (Farbar) C:\Users\Marianna\Desktop\FRST64.exe
2015-12-02 20:57 - 2015-12-02 20:57 - 00000000 ____D C:\Users\Marianna\Documents\Documents Folder
2015-12-02 20:36 - 2015-12-02 20:36 - 00000000 ____D C:\ProgramData\Trymedia
2015-12-01 21:44 - 2015-12-01 21:44 - 00001083 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\Users\Marianna\AppData\Local\VS Revo Group
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\Program Files\VS Revo Group
2015-12-01 21:44 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-12-01 21:40 - 2015-12-01 21:40 - 00000000 ____D C:\Program Files (x86)\Roblox
2015-12-01 21:29 - 2015-12-07 13:16 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-12-01 21:28 - 2015-12-01 21:28 - 00014032 _____ C:\Windows\system32\.crusader
2015-12-01 21:15 - 2015-12-01 21:15 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-12-01 21:15 - 2015-12-01 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-12-01 21:15 - 2015-12-01 21:15 - 00000000 ____D C:\Program Files\HitmanPro
2015-12-01 21:13 - 2015-12-01 21:29 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-01 20:40 - 2015-12-01 20:40 - 00001656 _____ C:\Users\Marianna\Desktop\JRT.txt
2015-12-01 20:31 - 2015-12-01 20:36 - 00000000 ____D C:\AdwCleaner
2015-12-01 20:08 - 2015-12-01 20:41 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-27 18:15 - 2015-11-27 18:15 - 00292512 _____ C:\Windows\Minidump\112715-36441-01.dmp
2015-11-23 18:04 - 2015-11-23 18:13 - 00000250 _____ C:\Users\Marianna\AppData\LocalLow\rbxcsettings.rbx
2015-11-23 18:04 - 2015-11-23 18:08 - 00000000 ____D C:\Users\Marianna\AppData\Local\Roblox
2015-11-21 19:26 - 2015-11-21 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-13 03:28 - 2015-11-27 08:47 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForMarianna.job
2015-11-13 03:28 - 2015-11-13 03:28 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarianna
2015-11-12 12:20 - 2015-11-03 09:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-10 21:46 - 2015-10-20 10:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-10 21:46 - 2015-10-20 10:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 21:46 - 2015-10-20 10:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-10 21:46 - 2015-10-20 10:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 21:46 - 2015-10-20 10:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-10 21:46 - 2015-10-20 09:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-10 21:45 - 2015-11-03 14:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-10 21:45 - 2015-11-03 13:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-10 21:45 - 2015-10-30 15:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 21:45 - 2015-10-30 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 21:45 - 2015-10-30 15:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-10 21:45 - 2015-10-30 15:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 21:45 - 2015-10-30 15:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 21:45 - 2015-10-30 15:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-10 21:45 - 2015-10-30 15:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-10 21:45 - 2015-10-30 15:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 21:45 - 2015-10-30 15:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-10 21:45 - 2015-10-30 15:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 21:45 - 2015-10-30 15:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-10 21:45 - 2015-10-30 15:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 21:45 - 2015-10-30 15:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-10 21:45 - 2015-10-30 15:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-10 21:45 - 2015-10-30 15:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 21:45 - 2015-10-30 15:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 21:45 - 2015-10-30 15:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-10 21:45 - 2015-10-30 15:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-10 21:45 - 2015-10-30 15:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 21:45 - 2015-10-30 14:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-10 21:45 - 2015-10-30 14:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 21:45 - 2015-10-30 14:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 21:45 - 2015-10-30 14:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-10 21:45 - 2015-10-30 14:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 21:45 - 2015-10-30 14:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 21:45 - 2015-10-30 14:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 21:45 - 2015-10-30 14:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-10 21:45 - 2015-10-30 14:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-10 21:45 - 2015-10-30 14:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-10 21:45 - 2015-10-30 14:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-10 21:45 - 2015-10-30 14:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-10 21:45 - 2015-10-30 14:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 21:45 - 2015-10-30 14:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-10 21:45 - 2015-10-30 14:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-10 21:45 - 2015-10-30 14:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-10 21:45 - 2015-10-30 14:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 21:45 - 2015-10-30 14:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-10 21:45 - 2015-10-30 14:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-10 21:45 - 2015-10-30 14:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-10 21:45 - 2015-10-30 14:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 21:45 - 2015-10-30 14:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 21:45 - 2015-10-30 14:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 21:45 - 2015-10-30 14:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-10 21:45 - 2015-10-30 14:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-10 21:45 - 2015-10-30 14:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-10 21:45 - 2015-10-30 14:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 21:45 - 2015-10-30 14:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-10 21:45 - 2015-10-30 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-10 21:45 - 2015-10-30 14:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-10 21:45 - 2015-10-30 14:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 21:45 - 2015-10-30 14:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-10 21:45 - 2015-10-30 14:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 21:45 - 2015-10-30 14:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-10 21:45 - 2015-10-30 14:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 21:45 - 2015-10-30 14:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 21:45 - 2015-10-30 14:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-10 21:45 - 2015-10-30 14:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-10 21:45 - 2015-10-30 14:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 21:45 - 2015-10-30 13:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 21:45 - 2015-10-30 13:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 21:45 - 2015-10-30 13:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 21:45 - 2015-10-30 13:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-10 21:45 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-10 21:45 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-10 21:45 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-10 21:45 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 21:45 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 21:45 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 21:45 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 21:45 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 21:44 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 21:44 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 21:44 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-10 21:44 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-10 21:44 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-10 21:44 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-10 21:44 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-10 21:44 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-10 21:44 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-10 21:44 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-10 21:44 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-10 21:44 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-10 21:44 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-10 21:44 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-10 21:44 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-10 21:44 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 21:44 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-10 21:44 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 21:44 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-10 21:44 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-10 21:44 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 21:44 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-10 21:44 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-10 21:44 - 2015-10-01 10:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-10 21:44 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-10 21:44 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 21:44 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 21:44 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-07 13:24 - 2012-06-10 08:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-07 13:23 - 2009-07-13 20:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-07 13:23 - 2009-07-13 20:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-07 13:18 - 2009-07-13 21:13 - 00785882 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-07 13:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-07 13:17 - 2013-08-06 21:12 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000UA.job
2015-12-07 13:11 - 2010-06-12 11:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-07 13:10 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-07 12:44 - 2014-11-05 21:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-07 12:44 - 2009-12-07 10:44 - 00729108 _____ C:\Windows\ntbtlog.txt
2015-12-07 12:43 - 2014-11-05 21:48 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-07 11:57 - 2010-11-15 21:49 - 00000000 ____D C:\Users\Marianna\AppData\LocalLow\Temp
2015-12-05 13:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-02 21:17 - 2014-09-29 10:58 - 00000000 ____D C:\Mari's Samsung Photos
2015-12-02 21:05 - 2009-10-25 13:58 - 00000000 ____D C:\Users\Marianna
2015-12-02 20:50 - 2012-01-16 12:36 - 00000000 ____D C:\Users\Marianna\Desktop\2012-01 (Jan)
2015-12-02 20:45 - 2014-11-05 22:51 - 00000000 ____D C:\A - To be filed
2015-12-02 20:42 - 2014-11-08 19:22 - 00000000 __SHD C:\Users\Marianna\AppData\Local\EmieUserList
2015-12-02 20:42 - 2014-11-08 19:22 - 00000000 __SHD C:\Users\Marianna\AppData\Local\EmieSiteList
2015-12-02 20:37 - 2010-07-12 19:44 - 00000000 ____D C:\Xochitl
2015-12-02 20:35 - 2011-07-17 15:03 - 00000000 ____D C:\MomDocs
2015-12-02 20:09 - 2010-05-02 10:22 - 00000000 ____D C:\Matt-Itzia
2015-12-01 20:41 - 2014-11-05 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-01 20:41 - 2014-11-05 21:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-01 20:33 - 2009-12-10 13:38 - 00000000 ____D C:\Users\Marianna\AppData\LocalLow\Yahoo!
2015-12-01 20:06 - 2010-03-02 20:41 - 00000000 ____D C:\Users\Marianna\AppData\Local\ElevatedDiagnostics
2015-12-01 19:40 - 2014-11-08 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 19:36 - 2014-11-08 21:31 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 19:36 - 2014-11-08 21:31 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-12-01 19:36 - 2014-11-08 21:31 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-12-01 19:29 - 2010-06-12 11:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 19:24 - 2012-10-10 21:05 - 00000274 _____ C:\Windows\Tasks\PlayFizz.job
2015-11-27 18:15 - 2010-10-04 23:48 - 487067489 _____ C:\Windows\MEMORY.DMP
2015-11-27 18:15 - 2010-10-04 23:48 - 00000000 ____D C:\Windows\Minidump
2015-11-27 14:32 - 2010-12-10 08:15 - 00000954 _____ C:\Users\Marianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-11-27 14:32 - 2009-10-25 14:44 - 00000000 ____D C:\Users\Marianna\AppData\Roaming\mjusbsp
2015-11-27 08:47 - 2009-07-13 20:45 - 00351824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-27 08:37 - 2009-08-21 18:58 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-27 08:37 - 2009-08-21 18:56 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-11-26 22:17 - 2013-08-06 21:12 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000Core.job
2015-11-21 19:26 - 2009-08-21 18:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-21 19:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2015-11-21 19:01 - 2009-10-25 14:03 - 00086600 _____ C:\Users\Marianna\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-21 19:00 - 2009-08-21 18:41 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-21 18:47 - 2010-12-17 18:17 - 00000000 ____D C:\swsetup
2015-11-17 11:09 - 2015-08-04 09:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-17 11:09 - 2014-12-14 09:56 - 00001940 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-11 05:24 - 2012-06-10 08:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 05:24 - 2012-06-10 08:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 05:24 - 2011-08-12 19:43 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 04:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-11-11 04:02 - 2014-11-08 21:24 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-11 03:58 - 2015-11-03 08:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-11 03:58 - 2012-05-29 17:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-11 03:54 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 03:36 - 2013-08-14 02:03 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:23 - 2010-11-14 17:45 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 03:21 - 2009-10-25 16:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 03:09 - 2011-11-23 15:26 - 00778004 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-10 17:32 - 2015-01-09 11:56 - 00002068 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2011-05-13 21:10 - 2011-09-16 13:22 - 0001854 _____ () C:\Users\Marianna\AppData\Roaming\GhostObjGAFix.xml
2009-11-18 18:47 - 2013-10-28 12:12 - 0000004 _____ () C:\Users\Marianna\AppData\Roaming\wklnhst.dat
2014-02-22 22:16 - 2015-10-22 10:32 - 0005632 _____ () C:\Users\Marianna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-16 13:32 - 2012-09-16 13:32 - 0000036 _____ () C:\Users\Marianna\AppData\Local\housecall.guid.cache
2011-04-07 15:11 - 2011-04-07 15:11 - 3002471 _____ (MyWebSearch.com) C:\Users\Marianna\AppData\Local\mwsautSp.exe
2009-10-25 15:39 - 2010-06-16 20:20 - 0003680 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Marianna\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-11 04:41
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Marianna (2015-12-07 13:29:03)
Running from C:\Users\Marianna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-10-25 21:58:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-923862711-2733204016-223384989-500 - Administrator - Disabled)
Guest (S-1-5-21-923862711-2733204016-223384989-501 - Limited - Disabled)
Marianna (S-1-5-21-923862711-2733204016-223384989-1000 - Administrator - Enabled) => C:\Users\Marianna
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Out of date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Microsoft Security Essentials (Disabled - Out of date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcadeCandy (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\{6A2EF989-A524-48bf-985F-9D076B334980}) (Version: ac 1.3.273 - ArcadeCandy LLC) <==== ATTENTION
Are You Smarter than a 5th Grader - Make the Grade (x32 Version: 2.2.0.95 - WildTangent) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.125 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Balloon Blast (x32 Version: 2.2.0.95 - WildTangent) Hidden
Beezzle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Bejeweled Twist (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.1.46 - )
Bob the Builder - Can-Do Carnival (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - PopCap Games)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CIF USB Camera (HKLM-x32\...\{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}) (Version: 1.0.0.2 - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Concentration (remove only) (HKLM-x32\...\Concentration) (Version:  - )
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Diamond Drop 2 (HKLM-x32\...\BFG-Diamond Drop 2) (Version:  - )
Diego's Ultimate Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
DriverUpdate (HKLM-x32\...\{C6044CF6-833B-40A1-A1AE-499812ABB8EB}) (Version: 2.5.2 - Slimware Utilities Holdings, Inc.)
F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Games.com Toolbar (HKLM-x32\...\Games.com Toolbar) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{961034C0-58DF-11DF-97FD-005056806466}) (Version: 5.2.0.5932 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
H&R Block Deluxe + Efile + State 2009 (HKLM-x32\...\{53A19323-917A-4822-B27E-A57D1EF6E9FC}) (Version: 09.04.6901 - HRB Technology, LLC.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Juniper Networks Cache Cleaner 6.3.0 (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Juniper_Networks_Cache_Cleaner 6.3.0) (Version: 6.3.0.14121 - Juniper Networks)
Juniper Networks Host Checker (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Neoteris_Host_Checker) (Version: 7.1.7.20581 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 1.3.1.6 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Juniper_Setup_Client) (Version: 7.1.7.18795 - Juniper Networks, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
magicJack (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Mahjongg: Ancient Mayas (HKLM-x32\...\BFG-Mahjongg - Ancient Mayas) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 en-US)) (Version: 12.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PC Power Speed 1.1.0.36 (HKLM-x32\...\{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1) (Version: 1.1.0.36 - Crawler, LLC.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PIXresizer 2.0.4 (HKLM-x32\...\PIXresizer_is1) (Version:  - Bluefive software)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shop it Up! (x32 Version: 2.2.0.97 - WildTangent) Hidden
SlimCleaner Plus (HKLM\...\{FDBF32ED-3777-42C8-9272-380994F04EC9}) (Version: 2.5.0 - Slimware Utilities Holdings, Inc.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Super TextTwist (HKLM-x32\...\b6d996de41893bf1f3034c877caeda12) (Version:  - )
Super Yum Yum: Puzzle Adventures (x32 Version: 2.2.0.97 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.45.1000 - SUPERAntiSpyware.com)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
Word Power - The Green Revolution (x32 Version: 2.2.0.95 - WildTangent) Hidden
Word Zen (HKLM-x32\...\BFG-Word Zen) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-923862711-2733204016-223384989-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Marianna\AppData\Local\Roblox\Versions\version-cdc47f439edb4527\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Restore Points =========================
 
10-11-2015 03:22:24 Windows Update
11-11-2015 03:01:00 Windows Update
13-11-2015 03:00:12 Windows Update
13-11-2015 22:16:23 HPSF Restore Point
17-11-2015 05:15:16 Windows Update
20-11-2015 13:35:48 Windows Update
21-11-2015 18:54:31 Installed HP Support Assistant
21-11-2015 19:11:42 Windows Modules Installer
21-11-2015 19:18:52 Windows Modules Installer
24-11-2015 12:06:56 Windows Update
01-12-2015 19:44:45 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2015-12-07 12:10 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {185E67C7-6CD3-40E7-94BB-0F456D38BB17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {1EEC7306-51E8-4431-B072-C09713FD0FAE} - System32\Tasks\{8CAF4BEC-4B0D-4E1D-BED5-3B401BB181D8} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {2D2BA482-D675-48E0-AD4F-4BA053107AE8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {37D9C362-EE09-4408-A25B-A5E3CC0DDACF} - System32\Tasks\{6C739D6D-0608-40E5-8BE1-7FF0892B3904} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {3E564FBD-E038-4168-8575-CA2A173FD942} - System32\Tasks\PlayFizz => C:\Users\Marianna\AppData\Local\FizzPlatinum\Updater.exe
Task: {53CE94EC-B65B-4B27-A01E-211A0F54D02E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {63D051F6-FA09-4C9B-BC85-A649A4C96AD0} - System32\Tasks\HPCeeScheduleForMarianna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {6A22CB7E-F9D7-4638-8569-301CF90483BA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000Core => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-06] (Facebook Inc.)
Task: {8EE947F1-734A-433A-9C6E-0A7F03047FF7} - \DriverUpdate Scan -> No File <==== ATTENTION
Task: {A04F5366-2048-4E86-860D-8714EC9FD1FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {A29AC07E-A4D1-4C5E-B65D-6D7B132086E9} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {A5B24EBE-7B4D-4E37-BB3F-380867B0029F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B1A6EA09-B8DF-492D-9F18-CBE723F688EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B25F5F08-A75B-4407-AD6B-7E2B708875AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {D2B22552-3109-4C29-BB06-E53E244E2DC2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000UA => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-06] (Facebook Inc.)
Task: {E2CE5732-CCB8-43C6-BC87-60262326DC7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E53036EC-BD13-4351-96F1-330CF8E33E30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000Core.job => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000UA.job => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarianna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\PlayFizz.job => C:\Users\Marianna\AppData\Local\FizzPlatinum\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-10-27 19:07 - 2007-07-12 21:37 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:01BEC24A
AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:598E8EA1
AlternateDataStreams: C:\ProgramData\Temp:C118E02A
AlternateDataStreams: C:\Users\Marianna\12 tax sifnature date.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Marianna\12 tax sifnature date.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Marianna\can tax sig 2012.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Marianna\can tax sig 2012.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Marianna\mari and victor con un millon.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Marianna\mari and victor con un millon.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-923862711-2733204016-223384989-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marianna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Marianna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk => C:\Windows\pss\DING!.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Marianna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: cdloader => "C:\Users\Marianna\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/07/2015 01:17:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 61c
 
Start Time: 01d13133b1a70060
 
Termination Time: 78
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: d24b26b1-9d27-11e5-9687-90e6ba04f921
 
Error: (12/07/2015 01:14:01 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (12/07/2015 01:14:01 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (12/07/2015 12:39:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marianna\Desktop\mbar\mbar.exe  "C:\Users\Marianna\Desktop\mbar"     ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).
 
Error: (12/07/2015 12:39:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marianna\Desktop\mbar\mbar.exe  "C:\Users\Marianna\Desktop\mbar"     ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).
 
Error: (12/01/2015 10:00:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - DriverUpdate; Error = 0x8007043c).
 
Error: (12/01/2015 09:57:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - SlimCleaner Plus; Error = 0x8007043c).
 
Error: (12/01/2015 09:52:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - DriverUpdate; Error = 0x8007043c).
 
Error: (12/01/2015 09:48:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - SlimCleaner Plus; Error = 0x8007043c).
 
Error: (12/01/2015 09:46:51 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - SlimCleaner Plus; Error = 0x8007043c).
 
 
System errors:
=============
Error: (12/07/2015 01:14:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error: 
%%-2147017840
 
Error: (12/07/2015 01:10:46 PM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
 
Expiration Reason: %%873
 
Expiration Date (UTC): ‎12/‎7/‎2015 9:10:46 PM
 
Error Code: 0x80092003
 
Error Description: An error occurred while reading or writing to a file.
 
Error: (12/07/2015 01:09:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (12/07/2015 12:42:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (12/07/2015 12:42:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (12/07/2015 12:42:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (12/07/2015 12:42:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error: 
%%-2147017840
 
Error: (12/07/2015 12:42:32 PM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
 
Expiration Reason: %%873
 
Expiration Date (UTC): ‎12/‎7/‎2015 8:42:31 PM
 
Error Code: 0x80092003
 
Error Description: An error occurred while reading or writing to a file.
 
Error: (12/07/2015 12:42:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/07/2015 12:42:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
avipbb
avkmgr
discache
MpFilter
SASDIFSV
SASKUTIL
spldr
Wanarpv6
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 215 Processor
Percentage of memory in use: 44%
Total physical RAM: 2942.49 MB
Available physical RAM: 1633.89 MB
Total Virtual: 5883.19 MB
Available Virtual: 4006.32 MB
 
==================== Drives ================================
 
Drive c: (COMPAQ) (Fixed) (Total:454.76 GB) (Free:306.16 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:2.02 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2015.12.07.04
  rootkit: v2015.12.07.01
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.18097
Marianna :: MARIANNA-PC [administrator]
 
12/7/2015 12:15:19 PM
mbar-log-2015-12-07 (12-15-19).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 359113
Time elapsed: 22 minute(s), 47 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\$Recycle.Bin\S-1-5-18\$e43f0e7d1b49cb0461ebd68268d989d5\U (Trojan.Siredef.C) -> Delete on reboot. [291730726b2054e2211f669bad539070]
C:\$Recycle.Bin\S-1-5-18\$e43f0e7d1b49cb0461ebd68268d989d5\L (Trojan.Siredef.C) -> Delete on reboot. [2b151e84ee9dcc6a053dbc453ac6a45c]
C:\$Recycle.Bin\S-1-5-18\$e43f0e7d1b49cb0461ebd68268d989d5 (Trojan.Siredef.C) -> Delete on reboot. [fc44f6aca0ebbe78f44ff40dd32d26da]
 
Files Detected: 1
C:\$Recycle.Bin\S-1-5-18\$e43f0e7d1b49cb0461ebd68268d989d5\@ (Trojan.Siredef.C) -> Delete on reboot. [79c7970b9cef3006a29b758c06faa759]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18097
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 3085426688, free: 1819062272
 
Downloaded database version: v2015.12.07.04
Downloaded database version: v2015.12.07.01
Downloaded database version: v2015.12.06.02
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     12/07/2015 12:15:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\nvstor64.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmf6264.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor64.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.12.07.04
  rootkit: v2015.12.07.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003057060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003057b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003057060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80023362c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002d109c0, DeviceName: \Device\00000057\, DriverName: \Driver\nvstor64\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 953696256
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 953903104  Numsec = 22867968
    Partition is bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\$Recycle.Bin\S-1-5-18\$e43f0e7d1b49cb0461ebd68268d989d5\@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$e43f0e7d1b49cb0461ebd68268d989d5\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$e43f0e7d1b49cb0461ebd68268d989d5\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$e43f0e7d1b49cb0461ebd68268d989d5 --> [Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-953903104-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18097
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 3085426688, free: 2539843584
 
Downloaded database version: v2015.12.07.05
Downloaded database version: v2015.12.07.01
Downloaded database version: v2015.12.06.02
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     12/07/2015 12:44:05
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\nvstor64.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmf6264.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor64.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\ole32.dll
\Windows\System32\kernel32.dll
\Windows\System32\psapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\wininet.dll
\Windows\System32\msctf.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\imagehlp.dll
\Windows\System32\iertutil.dll
\Windows\System32\oleaut32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\setupapi.dll
\Windows\System32\user32.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\gdi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\sechost.dll
\Windows\System32\advapi32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.12.07.05
  rootkit: v2015.12.07.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003015060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003015b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003015060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80022ece40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002d166e0, DeviceName: \Device\00000057\, DriverName: \Driver\nvstor64\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 953696256
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 953903104  Numsec = 22867968
    Partition is bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-953903104-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
 
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2015.12.07.05
  rootkit: v2015.12.07.01
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.18097
Marianna :: MARIANNA-PC [administrator]
 
12/7/2015 12:44:15 PM
mbar-log-2015-12-07 (12-44-15).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 359176
Time elapsed: 22 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

  • 0

#6
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Hichicha

Sorry for the delay.

Looks like one of the rootkit issue is still there.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\Antimalware\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Windows Repair (All In One):

    Boot your system into safe mode with networking.
    Download the installer for Windows Repair (All In One) from here. Don't download the portable version.
    Browse to the file called tweaking.com_windows_repair_aio_setup. Right click on this file and select Run as Administrator
    Follow on screen instructions to install it.
    Locate the file called Repair_Windows.exe. Right click on this file and select Run as Administrator. Click continue on the User Account Control prompt.
    The below GUI(graphical user interface) will appear/load:-

    windows%20all%20in%20one_zpse2cuwqgy.jpg


    Click on the Step 5 tab >> Under 1. Registry Backup click on Backup
    When the above has been created, under the 2. System Restore setting click on the Create tab.
    Then after Restore point created at date/time is denoted >> click on Next >> deselect Automatically do a registry backup
    Click Open Repairs
    Ensure only options 1,2,3,10,11 and 12 are ticked.
    Now click on the Start Repairs and the repair process will begin. Do not use your machine for anything else until the repairs are completed.
    Upon completion your machine should automatically reboot, if it does not do so manually please.

    Step3 - Fresh FRST logs
  • Please run Farbars Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


    Things for your next post:
  • fixlog.txt
  • Please tell me if you can see and access your desktop now.
  • FRST.txt and Addition.txt

  • 0

#7
hichicha

hichicha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi. Thanks for responding. No, I still do not see the desktop. 

 

Here are the logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Marianna (2015-12-09 12:32:53) Run:3
Running from C:\Users\Marianna\Desktop
Loaded Profiles: Marianna (Available Profiles: Marianna)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\Antimalware\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
EmptyTemp:
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => value restored successfully
EmptyTemp: => 167.4 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:32:55 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Marianna (administrator) on MARIANNA-PC (09-12-2015 13:24:02)
Running from C:\Users\Marianna\Desktop
Loaded Profiles: Marianna (Available Profiles: Marianna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PAC207_Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [MSC] => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avast5] => "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Run: [cdloader] => C:\Users\Marianna\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Run: [Facebook Update] => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-06] (Facebook Inc.)
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: {8e8fc057-b51d-11e2-8ad7-90e6ba04f921} - F:\iStudio.exe
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: {a0697562-ed91-11de-98ff-90e6ba04f921} - H:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0E302306-C0A6-409A-86F5-31F881995E46}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-923862711-2733204016-223384989-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - Games.com Toolbar Search Class - {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
URLSearchHook: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> Default = {f78bf7a8-cf12-4de7-a6da-c463d1b539a7}
URLSearchHook: HKU\S-1-5-21-923862711-2733204016-223384989-1000 - Games.com Toolbar Search Class - {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
SearchScopes: HKLM -> DefaultScope {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = 
SearchScopes: HKLM-x32 -> {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> {60E20E80-61BB-49CC-A8A9-56FB7858682C} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}853178
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-09] (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-09] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://ssl.water.ca.gov/dana-cached/sc/JuniperSetupClient.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll [2012-08-16] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-923862711-2733204016-223384989-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marianna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-09] (Apple Inc.)
FF Extension: No Name - C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default\extensions\[email protected] [not found]
FF Extension: Avira Browser Safety - C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default\Extensions\[email protected] [2015-10-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-10-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll => No File
CHR Plugin: (Java™ Platform SE 6 U16) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gears.dll => No File
CHR Plugin: (PlaySushi Textlinks Plugin) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncciponkgfpkhdpcnllnbkmocnajkcf\nppstl.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll => No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Marianna\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Profile: C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (CrushArcade) - C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhjnmacgahapmnnifmneapinilajfol [2015-12-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [knbjpbhhfkoodogjcbjemoaidadolapp] - C:\Users\Marianna\AppData\Local\FizzPlatinum\platinum.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-12-01] (SurfRight B.V.)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [934760 2012-03-27] (Apple Inc.)
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-22] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-12-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [686592 2008-02-13] (PixArt Imaging Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-09 12:41 - 2015-12-09 12:41 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARIANNA-PC-Windows-7-Home-Premium-(64-bit).dat
2015-12-09 12:41 - 2015-12-09 12:41 - 00000000 ____D C:\RegBackup
2015-12-09 12:39 - 2015-12-09 12:40 - 00000000 ____D C:\Users\Marianna\Downloads\Tweaking.com - Windows Repair
2015-12-09 12:36 - 2015-12-09 12:36 - 18901701 _____ C:\Users\Marianna\Downloads\tweaking.com_windows_repair_aio.zip
2015-12-07 14:26 - 2015-12-07 14:26 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-12-07 12:15 - 2015-12-07 13:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-07 12:14 - 2015-12-07 13:07 - 00000000 ____D C:\Users\Marianna\Desktop\mbar
2015-12-07 12:08 - 2015-12-07 12:08 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Marianna\Downloads\mbar-1.09.3.1001.exe
2015-12-07 11:54 - 2015-12-09 12:32 - 00000722 _____ C:\Users\Marianna\Desktop\Fixlog.txt
2015-12-05 21:30 - 2015-12-05 21:30 - 00001963 _____ C:\new.txt
2015-12-05 13:44 - 2015-12-07 13:33 - 00034731 _____ C:\Users\Marianna\Desktop\Addition.txt
2015-12-05 13:42 - 2015-12-09 13:24 - 00021927 _____ C:\Users\Marianna\Desktop\FRST.txt
2015-12-05 13:42 - 2015-12-09 13:24 - 00000000 ____D C:\FRST
2015-12-05 13:40 - 2015-12-05 13:40 - 02369024 _____ (Farbar) C:\Users\Marianna\Desktop\FRST64.exe
2015-12-02 20:57 - 2015-12-02 20:57 - 00000000 ____D C:\Users\Marianna\Documents\Documents Folder
2015-12-02 20:36 - 2015-12-02 20:36 - 00000000 ____D C:\ProgramData\Trymedia
2015-12-01 21:44 - 2015-12-01 21:44 - 00001083 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\Users\Marianna\AppData\Local\VS Revo Group
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-12-01 21:44 - 2015-12-01 21:44 - 00000000 ____D C:\Program Files\VS Revo Group
2015-12-01 21:44 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-12-01 21:40 - 2015-12-01 21:40 - 00000000 ____D C:\Program Files (x86)\Roblox
2015-12-01 21:28 - 2015-12-01 21:28 - 00014032 _____ C:\Windows\system32\.crusader
2015-12-01 21:15 - 2015-12-01 21:15 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-12-01 21:15 - 2015-12-01 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-12-01 21:15 - 2015-12-01 21:15 - 00000000 ____D C:\Program Files\HitmanPro
2015-12-01 21:13 - 2015-12-01 21:29 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-01 20:40 - 2015-12-01 20:40 - 00001656 _____ C:\Users\Marianna\Desktop\JRT.txt
2015-12-01 20:31 - 2015-12-01 20:36 - 00000000 ____D C:\AdwCleaner
2015-12-01 20:08 - 2015-12-01 20:41 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-27 18:15 - 2015-11-27 18:15 - 00292512 _____ C:\Windows\Minidump\112715-36441-01.dmp
2015-11-23 18:04 - 2015-11-23 18:13 - 00000250 _____ C:\Users\Marianna\AppData\LocalLow\rbxcsettings.rbx
2015-11-23 18:04 - 2015-11-23 18:08 - 00000000 ____D C:\Users\Marianna\AppData\Local\Roblox
2015-11-21 19:26 - 2015-11-21 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-13 03:28 - 2015-11-27 08:47 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForMarianna.job
2015-11-13 03:28 - 2015-11-13 03:28 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarianna
2015-11-12 12:20 - 2015-11-03 09:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-10 21:46 - 2015-10-20 10:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-10 21:46 - 2015-10-20 10:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-10 21:46 - 2015-10-20 10:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 21:46 - 2015-10-20 10:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-10 21:46 - 2015-10-20 10:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 21:46 - 2015-10-20 10:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-10 21:46 - 2015-10-20 09:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-10 21:46 - 2015-10-20 09:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-10 21:45 - 2015-11-03 14:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-10 21:45 - 2015-11-03 13:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-10 21:45 - 2015-10-30 15:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 21:45 - 2015-10-30 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 21:45 - 2015-10-30 15:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-10 21:45 - 2015-10-30 15:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 21:45 - 2015-10-30 15:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 21:45 - 2015-10-30 15:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-10 21:45 - 2015-10-30 15:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-10 21:45 - 2015-10-30 15:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 21:45 - 2015-10-30 15:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-10 21:45 - 2015-10-30 15:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 21:45 - 2015-10-30 15:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-10 21:45 - 2015-10-30 15:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 21:45 - 2015-10-30 15:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-10 21:45 - 2015-10-30 15:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-10 21:45 - 2015-10-30 15:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 21:45 - 2015-10-30 15:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 21:45 - 2015-10-30 15:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-10 21:45 - 2015-10-30 15:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-10 21:45 - 2015-10-30 15:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 21:45 - 2015-10-30 14:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-10 21:45 - 2015-10-30 14:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 21:45 - 2015-10-30 14:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 21:45 - 2015-10-30 14:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-10 21:45 - 2015-10-30 14:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 21:45 - 2015-10-30 14:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 21:45 - 2015-10-30 14:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 21:45 - 2015-10-30 14:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-10 21:45 - 2015-10-30 14:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-10 21:45 - 2015-10-30 14:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-10 21:45 - 2015-10-30 14:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-10 21:45 - 2015-10-30 14:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-10 21:45 - 2015-10-30 14:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 21:45 - 2015-10-30 14:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-10 21:45 - 2015-10-30 14:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-10 21:45 - 2015-10-30 14:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-10 21:45 - 2015-10-30 14:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 21:45 - 2015-10-30 14:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-10 21:45 - 2015-10-30 14:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-10 21:45 - 2015-10-30 14:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-10 21:45 - 2015-10-30 14:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 21:45 - 2015-10-30 14:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 21:45 - 2015-10-30 14:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 21:45 - 2015-10-30 14:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-10 21:45 - 2015-10-30 14:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-10 21:45 - 2015-10-30 14:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-10 21:45 - 2015-10-30 14:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 21:45 - 2015-10-30 14:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-10 21:45 - 2015-10-30 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-10 21:45 - 2015-10-30 14:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-10 21:45 - 2015-10-30 14:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 21:45 - 2015-10-30 14:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-10 21:45 - 2015-10-30 14:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 21:45 - 2015-10-30 14:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-10 21:45 - 2015-10-30 14:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 21:45 - 2015-10-30 14:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 21:45 - 2015-10-30 14:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-10 21:45 - 2015-10-30 14:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-10 21:45 - 2015-10-30 14:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 21:45 - 2015-10-30 13:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 21:45 - 2015-10-30 13:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 21:45 - 2015-10-30 13:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 21:45 - 2015-10-30 13:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-10 21:45 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-10 21:45 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-10 21:45 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-10 21:45 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-10 21:45 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 21:45 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 21:45 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 21:45 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 21:45 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 21:44 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 21:44 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 21:44 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-10 21:44 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-10 21:44 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-10 21:44 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-10 21:44 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-10 21:44 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-10 21:44 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-10 21:44 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-10 21:44 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-10 21:44 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-10 21:44 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-10 21:44 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-10 21:44 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-10 21:44 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-10 21:44 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-10 21:44 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-10 21:44 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-10 21:44 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 21:44 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-10 21:44 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 21:44 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-10 21:44 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-10 21:44 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 21:44 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 21:44 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-10 21:44 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-10 21:44 - 2015-10-01 10:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-10 21:44 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-10 21:44 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 21:44 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 21:44 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-09 13:22 - 2009-12-07 10:44 - 00843684 _____ C:\Windows\ntbtlog.txt
2015-12-09 13:22 - 2009-07-13 20:45 - 00351824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 12:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-07 14:29 - 2009-07-13 21:13 - 00785882 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-07 14:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-07 14:24 - 2012-06-10 08:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-07 14:22 - 2010-06-12 11:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-07 14:22 - 2010-06-12 11:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-07 14:22 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-07 13:36 - 2010-06-12 11:38 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-07 13:36 - 2010-06-12 11:38 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-07 13:23 - 2009-07-13 20:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-07 13:23 - 2009-07-13 20:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-07 13:17 - 2013-08-06 21:12 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000UA.job
2015-12-07 12:44 - 2014-11-05 21:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-07 12:43 - 2014-11-05 21:48 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-07 11:57 - 2010-11-15 21:49 - 00000000 ____D C:\Users\Marianna\AppData\LocalLow\Temp
2015-12-02 21:17 - 2014-09-29 10:58 - 00000000 ____D C:\Mari's Samsung Photos
2015-12-02 21:05 - 2009-10-25 13:58 - 00000000 ____D C:\Users\Marianna
2015-12-02 20:50 - 2012-01-16 12:36 - 00000000 ____D C:\Users\Marianna\Desktop\2012-01 (Jan)
2015-12-02 20:45 - 2014-11-05 22:51 - 00000000 ____D C:\A - To be filed
2015-12-02 20:42 - 2014-11-08 19:22 - 00000000 __SHD C:\Users\Marianna\AppData\Local\EmieUserList
2015-12-02 20:42 - 2014-11-08 19:22 - 00000000 __SHD C:\Users\Marianna\AppData\Local\EmieSiteList
2015-12-02 20:37 - 2010-07-12 19:44 - 00000000 ____D C:\Xochitl
2015-12-02 20:35 - 2011-07-17 15:03 - 00000000 ____D C:\MomDocs
2015-12-02 20:09 - 2010-05-02 10:22 - 00000000 ____D C:\Matt-Itzia
2015-12-01 20:41 - 2014-11-05 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-01 20:41 - 2014-11-05 21:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-01 20:33 - 2009-12-10 13:38 - 00000000 ____D C:\Users\Marianna\AppData\LocalLow\Yahoo!
2015-12-01 20:06 - 2010-03-02 20:41 - 00000000 ____D C:\Users\Marianna\AppData\Local\ElevatedDiagnostics
2015-12-01 19:40 - 2014-11-08 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 19:36 - 2014-11-08 21:31 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 19:36 - 2014-11-08 21:31 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-12-01 19:36 - 2014-11-08 21:31 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-12-01 19:24 - 2012-10-10 21:05 - 00000274 _____ C:\Windows\Tasks\PlayFizz.job
2015-11-27 18:15 - 2010-10-04 23:48 - 487067489 _____ C:\Windows\MEMORY.DMP
2015-11-27 18:15 - 2010-10-04 23:48 - 00000000 ____D C:\Windows\Minidump
2015-11-27 14:32 - 2010-12-10 08:15 - 00000954 _____ C:\Users\Marianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-11-27 14:32 - 2009-10-25 14:44 - 00000000 ____D C:\Users\Marianna\AppData\Roaming\mjusbsp
2015-11-27 08:37 - 2009-08-21 18:58 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-27 08:37 - 2009-08-21 18:56 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-11-26 22:17 - 2013-08-06 21:12 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000Core.job
2015-11-21 19:26 - 2009-08-21 18:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-21 19:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2015-11-21 19:01 - 2009-10-25 14:03 - 00086600 _____ C:\Users\Marianna\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-21 19:00 - 2009-08-21 18:41 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-21 18:47 - 2010-12-17 18:17 - 00000000 ____D C:\swsetup
2015-11-17 11:09 - 2015-08-04 09:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-17 11:09 - 2014-12-14 09:56 - 00001940 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-11 05:24 - 2012-06-10 08:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 05:24 - 2012-06-10 08:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 05:24 - 2011-08-12 19:43 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 04:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-11-11 04:02 - 2014-11-08 21:24 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-11 03:58 - 2015-11-03 08:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-11 03:58 - 2012-05-29 17:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-11 03:54 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 03:36 - 2013-08-14 02:03 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:23 - 2010-11-14 17:45 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 03:21 - 2009-10-25 16:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 03:09 - 2011-11-23 15:26 - 00778004 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-10 17:32 - 2015-01-09 11:56 - 00002068 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2011-05-13 21:10 - 2011-09-16 13:22 - 0001854 _____ () C:\Users\Marianna\AppData\Roaming\GhostObjGAFix.xml
2009-11-18 18:47 - 2013-10-28 12:12 - 0000004 _____ () C:\Users\Marianna\AppData\Roaming\wklnhst.dat
2014-02-22 22:16 - 2015-10-22 10:32 - 0005632 _____ () C:\Users\Marianna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-16 13:32 - 2012-09-16 13:32 - 0000036 _____ () C:\Users\Marianna\AppData\Local\housecall.guid.cache
2011-04-07 15:11 - 2011-04-07 15:11 - 3002471 _____ (MyWebSearch.com) C:\Users\Marianna\AppData\Local\mwsautSp.exe
2009-10-25 15:39 - 2010-06-16 20:20 - 0003680 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-11 04:41
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Marianna (2015-12-09 13:25:24)
Running from C:\Users\Marianna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-10-25 21:58:26)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-923862711-2733204016-223384989-500 - Administrator - Disabled)
Guest (S-1-5-21-923862711-2733204016-223384989-501 - Limited - Disabled)
Marianna (S-1-5-21-923862711-2733204016-223384989-1000 - Administrator - Enabled) => C:\Users\Marianna
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Out of date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Microsoft Security Essentials (Disabled - Out of date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcadeCandy (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\{6A2EF989-A524-48bf-985F-9D076B334980}) (Version: ac 1.3.273 - ArcadeCandy LLC) <==== ATTENTION
Are You Smarter than a 5th Grader - Make the Grade (x32 Version: 2.2.0.95 - WildTangent) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.125 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Balloon Blast (x32 Version: 2.2.0.95 - WildTangent) Hidden
Beezzle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Bejeweled Twist (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.1.46 - )
Bob the Builder - Can-Do Carnival (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - PopCap Games)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CIF USB Camera (HKLM-x32\...\{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}) (Version: 1.0.0.2 - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Concentration (remove only) (HKLM-x32\...\Concentration) (Version:  - )
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Diamond Drop 2 (HKLM-x32\...\BFG-Diamond Drop 2) (Version:  - )
Diego's Ultimate Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
DriverUpdate (HKLM-x32\...\{C6044CF6-833B-40A1-A1AE-499812ABB8EB}) (Version: 2.5.2 - Slimware Utilities Holdings, Inc.)
F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Games.com Toolbar (HKLM-x32\...\Games.com Toolbar) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{961034C0-58DF-11DF-97FD-005056806466}) (Version: 5.2.0.5932 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
H&R Block Deluxe + Efile + State 2009 (HKLM-x32\...\{53A19323-917A-4822-B27E-A57D1EF6E9FC}) (Version: 09.04.6901 - HRB Technology, LLC.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Juniper Networks Cache Cleaner 6.3.0 (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Juniper_Networks_Cache_Cleaner 6.3.0) (Version: 6.3.0.14121 - Juniper Networks)
Juniper Networks Host Checker (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Neoteris_Host_Checker) (Version: 7.1.7.20581 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 1.3.1.6 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\Juniper_Setup_Client) (Version: 7.1.7.18795 - Juniper Networks, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
magicJack (HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Mahjongg: Ancient Mayas (HKLM-x32\...\BFG-Mahjongg - Ancient Mayas) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 en-US)) (Version: 12.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PC Power Speed 1.1.0.36 (HKLM-x32\...\{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1) (Version: 1.1.0.36 - Crawler, LLC.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PIXresizer 2.0.4 (HKLM-x32\...\PIXresizer_is1) (Version:  - Bluefive software)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shop it Up! (x32 Version: 2.2.0.97 - WildTangent) Hidden
SlimCleaner Plus (HKLM\...\{FDBF32ED-3777-42C8-9272-380994F04EC9}) (Version: 2.5.0 - Slimware Utilities Holdings, Inc.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Super TextTwist (HKLM-x32\...\b6d996de41893bf1f3034c877caeda12) (Version:  - )
Super Yum Yum: Puzzle Adventures (x32 Version: 2.2.0.97 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.45.1000 - SUPERAntiSpyware.com)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
Word Power - The Green Revolution (x32 Version: 2.2.0.95 - WildTangent) Hidden
Word Zen (HKLM-x32\...\BFG-Word Zen) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-923862711-2733204016-223384989-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Marianna\AppData\Local\Roblox\Versions\version-cdc47f439edb4527\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Restore Points =========================
 
13-11-2015 03:00:12 Windows Update
13-11-2015 22:16:23 HPSF Restore Point
17-11-2015 05:15:16 Windows Update
20-11-2015 13:35:48 Windows Update
21-11-2015 18:54:31 Installed HP Support Assistant
21-11-2015 19:11:42 Windows Modules Installer
21-11-2015 19:18:52 Windows Modules Installer
24-11-2015 12:06:56 Windows Update
01-12-2015 19:44:45 Windows Update
07-12-2015 13:31:17 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2015-12-07 12:10 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05101669-94D9-4BA0-8169-F9841A1CC8AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {185E67C7-6CD3-40E7-94BB-0F456D38BB17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {1EEC7306-51E8-4431-B072-C09713FD0FAE} - System32\Tasks\{8CAF4BEC-4B0D-4E1D-BED5-3B401BB181D8} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {2D2BA482-D675-48E0-AD4F-4BA053107AE8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {37D9C362-EE09-4408-A25B-A5E3CC0DDACF} - System32\Tasks\{6C739D6D-0608-40E5-8BE1-7FF0892B3904} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {3E564FBD-E038-4168-8575-CA2A173FD942} - System32\Tasks\PlayFizz => C:\Users\Marianna\AppData\Local\FizzPlatinum\Updater.exe
Task: {53CE94EC-B65B-4B27-A01E-211A0F54D02E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {63D051F6-FA09-4C9B-BC85-A649A4C96AD0} - System32\Tasks\HPCeeScheduleForMarianna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {6A22CB7E-F9D7-4638-8569-301CF90483BA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000Core => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-06] (Facebook Inc.)
Task: {8EE947F1-734A-433A-9C6E-0A7F03047FF7} - \DriverUpdate Scan -> No File <==== ATTENTION
Task: {A04F5366-2048-4E86-860D-8714EC9FD1FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {A29AC07E-A4D1-4C5E-B65D-6D7B132086E9} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {B1A6EA09-B8DF-492D-9F18-CBE723F688EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B25F5F08-A75B-4407-AD6B-7E2B708875AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {D2B22552-3109-4C29-BB06-E53E244E2DC2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000UA => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-06] (Facebook Inc.)
Task: {E2CE5732-CCB8-43C6-BC87-60262326DC7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E53036EC-BD13-4351-96F1-330CF8E33E30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000Core.job => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-923862711-2733204016-223384989-1000UA.job => C:\Users\Marianna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarianna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\PlayFizz.job => C:\Users\Marianna\AppData\Local\FizzPlatinum\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:01BEC24A
AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:598E8EA1
AlternateDataStreams: C:\ProgramData\Temp:C118E02A
AlternateDataStreams: C:\Users\Marianna\12 tax sifnature date.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Marianna\12 tax sifnature date.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Marianna\can tax sig 2012.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Marianna\can tax sig 2012.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Marianna\mari and victor con un millon.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Marianna\mari and victor con un millon.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-923862711-2733204016-223384989-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marianna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Marianna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk => C:\Windows\pss\DING!.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Marianna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: cdloader => "C:\Users\Marianna\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/09/2015 12:41:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x8007043c).
 
Error: (12/07/2015 01:17:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 61c
 
Start Time: 01d13133b1a70060
 
Termination Time: 78
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: d24b26b1-9d27-11e5-9687-90e6ba04f921
 
Error: (12/07/2015 01:14:01 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (12/07/2015 01:14:01 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (12/07/2015 12:39:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marianna\Desktop\mbar\mbar.exe  "C:\Users\Marianna\Desktop\mbar"     ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).
 
Error: (12/07/2015 12:39:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marianna\Desktop\mbar\mbar.exe  "C:\Users\Marianna\Desktop\mbar"     ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).
 
Error: (12/01/2015 10:00:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - DriverUpdate; Error = 0x8007043c).
 
Error: (12/01/2015 09:57:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - SlimCleaner Plus; Error = 0x8007043c).
 
Error: (12/01/2015 09:52:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - DriverUpdate; Error = 0x8007043c).
 
Error: (12/01/2015 09:48:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"; Description = Revo Uninstaller Pro's restore point - SlimCleaner Plus; Error = 0x8007043c).
 
 
System errors:
=============
Error: (12/09/2015 01:23:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (12/09/2015 01:23:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (12/09/2015 01:23:16 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (12/09/2015 01:23:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/09/2015 01:22:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error: 
%%-2147017840
 
Error: (12/09/2015 01:22:42 PM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
 
Expiration Reason: %%873
 
Expiration Date (UTC): ‎12/‎9/‎2015 9:22:42 PM
 
Error Code: 0x80092003
 
Error Description: An error occurred while reading or writing to a file.
 
Error: (12/09/2015 01:22:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
avipbb
avkmgr
discache
MpFilter
SASDIFSV
SASKUTIL
spldr
Wanarpv6
 
Error: (12/09/2015 01:22:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/09/2015 01:21:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (12/09/2015 12:34:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 215 Processor
Percentage of memory in use: 43%
Total physical RAM: 2942.49 MB
Available physical RAM: 1676.15 MB
Total Virtual: 5883.19 MB
Available Virtual: 4654.46 MB
 
==================== Drives ================================
 
Drive c: (COMPAQ) (Fixed) (Total:454.76 GB) (Free:304.92 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:2.02 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#8
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Hichicha
 

No, I still do not see the desktop.


OK. When you boot normally what do you see? Is it just the desktop folder you mentioned?

If you look in the desktop folder do you see anything e.g. all your previous desktop icons?

Thanks
  • 0

#9
hichicha

hichicha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

When booting normally I see a photo that is the wallpaper and no icons on the desktop. When I look in the desktop folder I see a bunch of files that may have previously been on the desktop. I also see all the files I've saved to follow your instructions. 


  • 0

#10
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Hichicha

Ok. Please do the following.

1. Open the desktop folder.
2. click on the top file.
3. click Organize then Select All.
4. Then Organize, then Copy.
5. Click on a blank area of the desktop.
6. Right click and then Paste.
7. Once all files are copied. Reboot.

Once the machine has rebooted does the desktop now look back to Normal with the icons showing? Please click on a few to make sure they work.
  • 0

Advertisements


#11
hichicha

hichicha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Good morning. Sorry for the delay in responding. I turned on the computer, right clicked on the desktop and selected Show Desktop Icons. That appears to have worked. But the computer continues to freeze after about 10 minutes of turning it on. There continues to be an icon pinned to the task bar that says: Can't Open This Item; it might have been moved, renamed, or deleted; Do you want to remove this item? It looks like this was a Mozilla Firefox. 

 

Besides that, I have another question about backing up my files. I saved them to a usb flash drive. However, I've noticed on the FRST log that there is an Alternate Data Stream that references several .jpegs. Not knowing what an Alternate Data Stream is, I tried looking it up. I'm not sure I understand. Is it possible that the files that I have backed up onto my flash drive are "infected"?

 

Thanks for your help. 

 

 

Hi Hichicha

Ok. Please do the following.

1. Open the desktop folder.
2. click on the top file.
3. click Organize then Select All.
4. Then Organize, then Copy.
5. Click on a blank area of the desktop.
6. Right click and then Paste.
7. Once all files are copied. Reboot.

Once the machine has rebooted does the desktop now look back to Normal with the icons showing? Please click on a few to make sure they work.


  • 0

#12
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Hichicha

Good to see desktop is back. We have further cleaning to do. :)

In terms of the Alternate Data Streams they are often used by many programs to store file information such as attributes and temporary storage. In some cases Malware can use ADS to infect files. However the jpeg files are not an issue.

Let's start cleaning up the rest. :)

Step1 - Remove unwanted programs

Please uninstall the following unwanted programs:

ArcadeCandy
Coupon Printer for Windows
DriverUpdate
PC Power Speed 1.1.0.36
SlimCleaner Plus



Note: If any of the programs are not listed or you have any issues uninstalling them, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall e.g.ArcadeCandy
Click uninstall.
Repeat the above steps for all the other programs to remove.


Step2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   3.55KB   81 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step3 - AdwCleaner scan


    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner_zpslhu4ltda.jpg
  • Click the Scan button and wait for the program to finish.
  • Upon completion, click Logfile. A log (AdwCleaner[S*].txt) will open.
  • Please copy and paste this in your next reply.

    Things for your next post:
  • Any issues with uninstalling any of the programs?
  • fixlog.txt
  • AdwCleaner[S*].txt

  • 0

#13
hichicha

hichicha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Thank you! I'll try this. 


  • 0

#14
hichicha

hichicha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I was able to uninstall slimcleaner plus and driver update. I cannot find coupon printer or arcade candy after seeing it the first time I tried. PC Power Pro would not uninstall. It says there was an error uninstalling because it's already uninstalled. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by Marianna (2015-12-17 20:42:01) Run:6
Running from C:\Users\Marianna\Desktop
Loaded Profiles: Marianna (Available Profiles: Marianna)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [avast5] => "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: {8e8fc057-b51d-11e2-8ad7-90e6ba04f921} - F:\iStudio.exe
HKU\S-1-5-21-923862711-2733204016-223384989-1000\...\MountPoints2: {a0697562-ed91-11de-98ff-90e6ba04f921} - H:\LaunchU3.exe -a
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-923862711-2733204016-223384989-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - Games.com Toolbar Search Class - {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
URLSearchHook: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> Default = {f78bf7a8-cf12-4de7-a6da-c463d1b539a7}
URLSearchHook: HKU\S-1-5-21-923862711-2733204016-223384989-1000 - Games.com Toolbar Search Class - {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
SearchScopes: HKLM -> DefaultScope {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKLM-x32 -> {75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-923862711-2733204016-223384989-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}853178
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
FF Extension: No Name - C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default\extensions\[email protected] [not found]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
2015-12-01 19:24 - 2012-10-10 21:05 - 00000274 _____ C:\Windows\Tasks\PlayFizz.job
Task: {1EEC7306-51E8-4431-B072-C09713FD0FAE} - System32\Tasks\{8CAF4BEC-4B0D-4E1D-BED5-3B401BB181D8} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {37D9C362-EE09-4408-A25B-A5E3CC0DDACF} - System32\Tasks\{6C739D6D-0608-40E5-8BE1-7FF0892B3904} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {3E564FBD-E038-4168-8575-CA2A173FD942} - System32\Tasks\PlayFizz => C:\Users\Marianna\AppData\Local\FizzPlatinum\Updater.exe
Task: {8EE947F1-734A-433A-9C6E-0A7F03047FF7} - \DriverUpdate Scan -> No File <==== ATTENTION
Task: C:\Windows\Tasks\PlayFizz.job => C:\Users\Marianna\AppData\Local\FizzPlatinum\Updater.exe
AlternateDataStreams: C:\ProgramData\Temp:01BEC24A
AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:598E8EA1
AlternateDataStreams: C:\ProgramData\Temp:C118E02A
C:\Program Files\Alwil Software
C:\Program Files (x86)\Games.com Toolbar
C:\Users\Marianna\AppData\Local\FizzPlatinum
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp: 
 
 
 
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\avast5 => value not found.
HKU\S-1-5-21-923862711-2733204016-223384989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key not found. 
HKU\S-1-5-21-923862711-2733204016-223384989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e8fc057-b51d-11e2-8ad7-90e6ba04f921} => key not found. 
HKCR\CLSID\{8e8fc057-b51d-11e2-8ad7-90e6ba04f921} => key not found. 
HKU\S-1-5-21-923862711-2733204016-223384989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0697562-ed91-11de-98ff-90e6ba04f921} => key not found. 
HKCR\CLSID\{a0697562-ed91-11de-98ff-90e6ba04f921} => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-923862711-2733204016-223384989-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{e3dce200-ae96-4a64-9fe7-b5d2d8569768} => value not found.
HKU\S-1-5-21-923862711-2733204016-223384989-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value not found.
HKU\S-1-5-21-923862711-2733204016-223384989-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e3dce200-ae96-4a64-9fe7-b5d2d8569768} => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} => key not found. 
HKCR\CLSID\{75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} => key not found. 
HKCR\Wow6432Node\CLSID\{75E8A6AA-D2C9-4E08-93FF-6CD70EDCBBD7} => key not found. 
HKU\S-1-5-21-923862711-2733204016-223384989-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found. 
HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found. 
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found. 
C:\Users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\i7ln9raf.default\extensions\[email protected] => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => value not found.
"C:\Windows\Tasks\PlayFizz.job" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EEC7306-51E8-4431-B072-C09713FD0FAE} => key not found. 
C:\Windows\System32\Tasks\{8CAF4BEC-4B0D-4E1D-BED5-3B401BB181D8} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8CAF4BEC-4B0D-4E1D-BED5-3B401BB181D8} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37D9C362-EE09-4408-A25B-A5E3CC0DDACF} => key not found. 
C:\Windows\System32\Tasks\{6C739D6D-0608-40E5-8BE1-7FF0892B3904} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6C739D6D-0608-40E5-8BE1-7FF0892B3904} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E564FBD-E038-4168-8575-CA2A173FD942} => key not found. 
C:\Windows\System32\Tasks\PlayFizz => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PlayFizz => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EE947F1-734A-433A-9C6E-0A7F03047FF7} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan => key not found. 
C:\Windows\Tasks\PlayFizz.job => not found.
"C:\ProgramData\Temp" => ":01BEC24A" ADS not found.
"C:\ProgramData\Temp" => ":3E7393FC" ADS not found.
"C:\ProgramData\Temp" => ":598E8EA1" ADS not found.
"C:\ProgramData\Temp" => ":C118E02A" ADS not found.
"C:\Program Files\Alwil Software" => not found.
"C:\Program Files (x86)\Games.com Toolbar" => not found.
"C:\Users\Marianna\AppData\Local\FizzPlatinum" => not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => -26978307 byte temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:46:02 ====
 
 
 
# AdwCleaner v5.025 - Logfile created 17/12/2015 at 20:30:11
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Marianna - MARIANNA-PC
# Running from : C:\Users\Marianna\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\Trymedia
 
***** [ Files ] *****
 
File Found : C:\Users\Marianna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmlmmllkclondemfbkhhkkepmkcdbjdi
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [769 bytes] ##########
 

  • 0

#15
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi hichicha

Lets keep going with the next steps on cleaning and also run Farbar Service Scanner to check for any services which may be affected. :)

Step1 - Clean with AdwCleaner
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
    adwcleaner_zpslhu4ltda.jpg
  • Click the Scan button and wait for the program to finish.
  • Click on options - untick Reset proxy settings and Reset winsock settings.
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Step2 - Malwarebytes
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    oGHz2fO.png
  • Go back to Dashboard and click the green Scan Now button.
  • If threats are detected click on Apply actions, the program will ask to reboot the machine.
    MBAMReboot_zps9089ab30.jpg
  • Click Yes.
  • On completion of the scan (or after the reboot) select View Detailed Log
  • Click on Export Button, select Text File, give it the name MBAM Log and save the log to your Desktop.
  • Copy and Paste the contents of the log in your next reply.


    Step3 - ESET Scan

    Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here.If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
    2.JPG
  • Now click on Start.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Step4 - Farbar Service Scanner


    Please download Farbar Service Scanner to your desktop.
  • Locate the FSS.exe file and right click on it. Choose run as administrator
  • Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) on your desktop.
  • Please copy and paste the log to your reply.


    Things for your next post:
  • adwCleaner[S*].txt
  • MBAM Log
  • ESET log
  • FSS.txt
  • How is your computer running now - is it still freezing?

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP