Hello,
Okay, I tried to scan the computer with Malwarebytes and it found some 2,500 unwanted items. I then cleared them out and restarted the machine. Scanned it again and it found some 600 more.
I tried to go online but every time I tried to go to certain websites, a ton of popups or redirects would take over. So I hope you can help me find out what's going on and remove the issues.
Windows 7 64bit
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by punjab (administrator) on PUNJAB-PC on 02-05-2015 21:40:52
Running from C:\Users\punjab\Desktop
Loaded Profiles: punjab (Available profiles: punjab)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-02] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-02] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-25]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-25]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-10-15]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.6.0_18\bin\jp2ssv.dll No File
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-27] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-27] (Oracle Corporation)
BHO-x32: Norton Safe Web Lite BHO -> {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll [2011-10-14] (Symantec Corporation)
BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
Toolbar: HKLM-x32 - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll [2011-10-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-11-05] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-11-05] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-11-05] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-11-05] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default
FF DefaultSearchEngine.US: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll [2015-01-09] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\user.js [2015-04-16]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: 20-20 3D Viewer - WEB - C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\Extensions\[email protected] [2011-08-15]
FF Extension: azhangcloudaclcom - C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\Extensions\[email protected] [2015-04-15]
FF Extension: Roaming Rate - C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\Extensions\{4084a2c4-f836-4884-9f5d-b4e31cc13dda}.xpi [2015-04-16]
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST [2015-04-26]
FF HKU\S-1-5-21-2405105115-4192906405-531811981-1000\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-22] <==== ATTENTION
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_tight2_15_06&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyyC0AyDyEyCzzyC0DyEtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0F0FyBtAzyzyzytG0A0C0A0EtGyE0B0DyDtG0ByDzy0AtGtAtD0Ezz0E0DyEyByBtByE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0BzzyE0BtByBtGtC0D0A0FtGyEtD0A0FtGzy0B0AtDtG0AtBtCyEtD0B0C0C0BzyyEyE2Q&cr=1354099757&ir=",
CHR DefaultSearchKeyword: Default -> taplika.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-27]
CHR Extension: (YouTube) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-27]
CHR Extension: (Google Search) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-27]
CHR Extension: (epindigjbiphgfhnmlpcocaiafjgbabe) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Skype Click to Call) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (Gmail) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-27]
CHR HKLM-x32\...\Chrome\Extension: [keaillmajpeodnbelalgeffidfcdgiem] - C:\Program Files (x86)\LyricsContainer\125.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 a9c2ee8a; c:\Program Files (x86)\TerminusBoost\TerminusBoost.dll [2329600 2015-05-02] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
U0 rqjy; C:\Windows\System32\drivers\wsyjfbb.sys [79064 2015-04-27] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-02 21:40 - 2015-05-02 21:41 - 00022620 _____ () C:\Users\punjab\Desktop\FRST.txt
2015-05-02 21:40 - 2015-05-02 21:40 - 00000000 ____D () C:\FRST
2015-05-02 21:40 - 2015-05-02 21:34 - 02101248 _____ (Farbar) C:\Users\punjab\Desktop\FRST64.exe
2015-05-02 07:18 - 2015-05-02 07:18 - 00000000 ____D () C:\ProgramData\CheapCoupon
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Windows\system32\SPReview
2015-05-02 03:01 - 2015-05-02 03:01 - 00000000 ____D () C:\Program Files (x86)\TerminusBoost
2015-04-27 17:54 - 2015-04-27 17:54 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wsyjfbb.sys
2015-04-26 16:23 - 2015-04-27 15:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 16:23 - 2015-04-26 16:23 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-26 16:23 - 2015-04-26 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 16:23 - 2015-04-26 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-26 16:23 - 2015-04-26 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 16:23 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-26 16:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-26 16:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-26 16:22 - 2015-04-26 16:21 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\punjab\Desktop\mbam-setup-2.1.6.1022.exe
2015-04-26 15:52 - 2015-04-26 16:03 - 00000000 ____D () C:\Users\punjab\Desktop\Slim In 6
2015-04-22 21:21 - 2015-04-22 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-19 08:25 - 2015-04-19 08:25 - 00669904 _____ () C:\Users\punjab\Downloads\Setup(10).exe
2015-04-19 08:24 - 2015-04-19 08:24 - 00669904 _____ () C:\Users\punjab\Downloads\Setup(9).exe
2015-04-19 07:22 - 2015-04-19 07:22 - 00000000 ____D () C:\Users\punjab\AppData\Roaming\MyTurboPC.com
2015-04-19 07:21 - 2015-04-24 10:40 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2015-04-19 07:19 - 2015-04-19 07:20 - 06431232 _____ (MyTurboPC.com) C:\Users\punjab\Downloads\Myturbopc.exe
2015-04-17 23:03 - 2015-04-17 23:03 - 00000000 ____D () C:\Users\punjab\AppData\Local\AdBlaster
2015-04-17 23:02 - 2015-04-17 23:02 - 01614456 _____ () C:\Users\punjab\Downloads\Setup(8).exe
2015-04-17 22:56 - 2015-04-17 22:57 - 00768512 _____ (Reimage®) C:\Users\punjab\Downloads\ReimageRepair.exe
2015-04-17 06:02 - 2015-04-17 06:02 - 00000000 _____ () C:\Windows\SysWOW64\sho6EFB.tmp
2015-04-16 09:51 - 2015-04-16 09:51 - 00000000 ____D () C:\ProgramData\T122078ED
2015-04-16 09:44 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-04-16 09:44 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-04-16 09:41 - 2015-04-16 09:41 - 01101552 _____ (Installer Setup) C:\Users\punjab\Downloads\Setup(7).exe
2015-04-11 20:19 - 2015-04-11 20:19 - 00000000 ____D () C:\Windows\pss
2015-04-11 20:17 - 2015-04-15 09:33 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-11 20:07 - 2015-05-02 03:01 - 00000000 ____D () C:\ProgramData\1e8b82f200000dfa
2015-04-11 19:55 - 2015-04-11 19:55 - 00000000 ____D () C:\Users\punjab\Documents\Optimizer Pro
2015-04-11 19:49 - 2015-04-27 17:54 - 00000000 ____D () C:\ProgramData\{65a8fd47-49b8-5906-65a8-8fd4749bf51d}
2015-04-11 19:49 - 2015-04-26 22:57 - 00000000 ____D () C:\Program Files (x86)\a69c3765-d22e-49c2-bc72-b4dc474f4798
2015-04-11 19:49 - 2015-04-11 19:49 - 00000000 ____D () C:\Users\punjab\AppData\Local\globalUpdate
2015-04-11 19:48 - 2015-04-11 19:48 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2015-04-11 19:47 - 2015-04-11 20:15 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2015-04-11 19:47 - 2015-04-11 20:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-11 19:46 - 2015-04-11 19:46 - 00000000 ____D () C:\Users\punjab\AppData\Local\CrashRpt
2015-04-11 19:46 - 2015-04-11 19:46 - 00000000 ____D () C:\ProgramData\DVD Shrink
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-02 21:39 - 2014-02-09 17:27 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-05-02 21:39 - 2012-05-21 15:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 21:39 - 2011-03-17 18:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 20:00 - 2010-09-25 03:50 - 01090939 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 19:49 - 2012-06-02 10:44 - 00000000 ____D () C:\Users\punjab\AppData\Local\CrashDumps
2015-05-02 03:07 - 2009-07-14 00:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 03:07 - 2009-07-14 00:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-27 17:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-27 15:35 - 2014-07-27 10:29 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-04-27 15:30 - 2012-05-21 15:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-27 15:30 - 2012-05-21 15:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-27 15:30 - 2011-12-04 08:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-27 03:02 - 2009-07-14 01:13 - 00779788 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-26 23:05 - 2012-11-04 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-26 23:05 - 2010-10-17 03:22 - 01109010 _____ () C:\Windows\PFRO.log
2015-04-26 23:05 - 2010-09-25 06:42 - 00000000 ____D () C:\Windows\ShellNew
2015-04-26 23:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 23:05 - 2009-07-14 00:51 - 00100968 _____ () C:\Windows\setupact.log
2015-04-26 22:57 - 2013-08-06 18:02 - 00000000 ____D () C:\Program Files (x86)\FLVPlayer
2015-04-21 17:11 - 2011-01-19 15:07 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-04-21 17:11 - 2010-09-25 04:13 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-17 23:10 - 2012-11-04 14:30 - 00000927 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-17 23:10 - 2012-11-04 14:30 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-17 23:10 - 2010-10-15 16:56 - 00001068 _____ () C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-17 23:10 - 2010-10-15 16:55 - 00001068 _____ () C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-15 09:17 - 2012-12-16 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 09:16 - 2013-08-13 06:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 09:08 - 2010-10-22 11:59 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 19:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-11 20:44 - 2010-09-25 04:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-11 20:44 - 2010-09-25 04:49 - 00000000 ____D () C:\ProgramData\Skype
2015-04-11 20:37 - 2011-01-19 19:13 - 00000000 ____D () C:\Program Files (x86)\The Learning Company
2015-04-11 20:09 - 2012-05-05 14:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-04-11 20:03 - 2011-03-17 18:23 - 00000000 ____D () C:\Users\punjab\AppData\Local\Google
2015-04-11 19:59 - 2010-09-25 04:33 - 00000000 ____D () C:\ProgramData\Cozi
2015-04-11 19:57 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-11 19:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-10 20:50 - 2014-09-14 09:21 - 00000000 ____D () C:\Users\punjab\Documents\Recipes
2015-04-03 09:30 - 2010-10-15 16:52 - 00000000 ____D () C:\Users\punjab
2015-04-03 09:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
==================== Files in the root of some directories =======
2015-04-19 07:22 - 2015-04-23 22:23 - 0000115 _____ () C:\Users\punjab\AppData\Roaming\LogFile.txt
2014-12-06 18:49 - 2014-12-06 18:49 - 0000047 _____ () C:\Users\punjab\AppData\Roaming\WB.CFG
2015-02-07 19:03 - 2015-02-07 19:03 - 0000088 _____ () C:\Users\punjab\AppData\Local\46771c555068ec9634c2e77ff09000ce
2015-02-07 23:17 - 2015-02-07 23:17 - 0000001 _____ () C:\Users\punjab\AppData\Local\DSI.DAT
2011-11-10 14:09 - 2011-11-10 14:09 - 0000000 _____ () C:\Users\punjab\AppData\Local\{0DBE7D26-A085-4542-B048-02DE7A2F970B}
2011-12-03 18:50 - 2011-12-03 18:50 - 0000000 _____ () C:\Users\punjab\AppData\Local\{1C1E1EF6-8B4F-4A82-9334-07E7764F6FA4}
2011-11-10 14:11 - 2011-11-10 14:11 - 0000000 _____ () C:\Users\punjab\AppData\Local\{2E750281-8A02-46E6-9163-F2C4CB50EE92}
2011-11-04 17:40 - 2011-11-04 17:40 - 0000000 _____ () C:\Users\punjab\AppData\Local\{765B080F-BED4-4E8E-8641-F4971040A371}
2012-03-08 23:16 - 2012-03-09 10:23 - 0000432 _____ () C:\ProgramData\3z4TWdYrN4O8pS
2010-11-06 14:23 - 2010-11-06 14:23 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2013-03-24 17:55 - 2013-03-24 18:35 - 0004715 _____ () C:\ProgramData\hpzinstall.log
2012-03-08 23:16 - 2012-03-09 10:20 - 0000288 _____ () C:\ProgramData\~3z4TWdYrN4O8pS
2012-03-08 23:16 - 2012-03-09 10:20 - 0000200 _____ () C:\ProgramData\~3z4TWdYrN4O8pSr
Some content of TEMP:
====================
C:\Users\punjab\AppData\Local\Temp\cabex.dll
C:\Users\punjab\AppData\Local\Temp\ClientToMobilePlatform.exe
C:\Users\punjab\AppData\Local\Temp\dvdshrink32setup.exe
C:\Users\punjab\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\punjab\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\punjab\AppData\Local\Temp\optprosetup.exe
C:\Users\punjab\AppData\Local\Temp\SpOrder.dll
C:\Users\punjab\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe
C:\Users\punjab\AppData\Local\Temp\_t5zjh8o.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-27 18:31
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by punjab at 2015-05-02 21:42:33
Running from C:\Users\punjab\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2405105115-4192906405-531811981-500 - Administrator - Disabled)
Guest (S-1-5-21-2405105115-4192906405-531811981-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2405105115-4192906405-531811981-1002 - Limited - Enabled)
punjab (S-1-5-21-2405105115-4192906405-531811981-1000 - Administrator - Enabled) => C:\Users\punjab
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4500_G510nz_Help_Web (x32 Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510nz_web (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Adventures Deluxe (HKLM-x32\...\Bookworm Adventures Deluxe) (Version: - PopCap Games)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version: - PopCap Games)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon iP100 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series) (Version: - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)
CheapCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - CheapCoupon) <==== ATTENTION
Chuzzle Deluxe (HKLM-x32\...\am-chuzzledeluxe) (Version: - gamehouse)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.40 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet 4500 G510n-z (HKLM\...\{F27CFD16-939A-4232-98CD-180898D14713}) (Version: 13.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minecraft Packages (HKU\S-1-5-21-2405105115-4192906405-531811981-1000\...\Minecraft Packages) (Version: - ) <==== ATTENTION
Motorola Driver Installation 4.6.0 (HKLM\...\{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}) (Version: 4.6.0 - Motorola Inc.)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Norton Safe Web Lite (HKLM-x32\...\NST) (Version: 2.0.0.16 - Symantec Corporation)
Plants vs. Zombies (HKLM-x32\...\am-plantsvszombiestm) (Version: - )
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TerminusBoost (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{a9c2ee8a}) (Version: - Software Publisher) <==== ATTENTION
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Verizon Mobile Broadband Drivers (HKLM-x32\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{0E433CFD-B6FF-4D4E-A081-BB1A680D19A1}) (Version: 1.0.3 - Smith Micro Software, Inc.)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.67.0 - Verizon)
VZAccess Manager (HKLM-x32\...\{4F6471D6-9D91-4699-BA1A-B7AD33E46546}) (Version: 7.3.11.1 - Smith Micro Software Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.11.2 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version: - PopCap Games)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
29-04-2015 03:25:38 Scheduled Checkpoint
30-04-2015 06:57:49 Windows Update
30-04-2015 07:17:53 Windows Update
01-05-2015 03:00:37 Windows Update
02-05-2015 03:00:39 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2013-08-13 06:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {33F08EFF-1CDC-4874-8BAB-099738B985AD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3A890F8F-9103-45BC-8816-B0F796359CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {3E92858E-7BF8-40E0-9FCE-6871C65D94D3} - \Inst_Rep No Task File <==== ATTENTION
Task: {521C9137-7AFD-4884-A888-3D1B786C8B17} - System32\Tasks\{B41442BC-4BC7-43A5-BE64-A0E6D816CDB5} => pcalua.exe -a "C:\Users\punjab\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM0H498G\BWASetup[1].exe" -d C:\Users\punjab\Desktop
Task: {549C35A4-01F8-4EC3-95C7-C6BCC576A7AA} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {7E1E0C3A-5819-4973-8F37-491DEDB88693} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {9685888C-081B-42BD-8235-3B29E171EBBF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2405105115-4192906405-531811981-1000
Task: {9A1E1279-367A-44A3-B917-C43AD4BBDA6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A9E5C990-D962-4015-A273-343C06D7204D} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {ABF1F0AF-4E76-4783-A042-4BD14E7A83D5} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {AF3F8A19-5758-4739-8A5D-783B3D387A19} - System32\Tasks\{F2BCF66D-6CD5-426F-80DE-7DE3BAACCA4E} => pcalua.exe -a "C:\Users\punjab\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7XUDWO2\download[1].exe" -d C:\Users\punjab\Desktop
Task: {B422DBB2-CF3A-4D6C-A353-B8196214A008} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C398F948-4D5F-47DF-9A43-AC34072707DC} - System32\Tasks\4821 => Wscript.exe C:\Users\punjab\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {CF11E501-3AF3-4D05-A484-F6EFA487F1D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {E8921860-17ED-4071-81BD-B3BE08308514} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2010-09-25 04:58 - 2010-05-21 13:00 - 00783680 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2012-12-04 05:36 - 2012-12-04 05:36 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\3d8291e96c1f38d0ef71531fc871d956\VistaBridgeLibrary.ni.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2010-09-25 04:57 - 2010-05-21 12:58 - 00116032 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00128320 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 01123648 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-09-25 04:57 - 2010-05-21 12:59 - 00079168 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00234816 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00075072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00111936 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00121152 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2012-12-04 05:16 - 2012-12-04 05:16 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f08caa57275e16ad5cfaf4483f93b658\IsdiInterop.ni.dll
2010-09-25 04:24 - 2010-06-08 11:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-05-02 03:01 - 2015-05-02 03:01 - 02329600 _____ () c:\Program Files (x86)\TerminusBoost\TerminusBoost.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupfolder: C:^Users^punjab^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hqghumeaylnlf.lnk => C:\Windows\pss\hqghumeaylnlf.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [{91866116-323E-4EF8-B643-264F1A26ACE0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{F8A71591-2002-4C27-883A-BED4AD3D3B73}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7E88D1E6-7048-4652-8859-B6A812A9C94D}] => (Allow) svchost.exe
FirewallRules: [{FBC957E6-AEA8-4AB1-B018-DD8C4DD40EE5}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF382154-C18B-4EE3-84BB-3912A7FB0547}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{043D53BF-A604-42D8-95DD-B7EF7E9D1D2F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{CD55F3B1-AEAD-4689-A3FF-A4C462D35B11}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2B000A0F-B612-44DC-A061-7E3118A4D0CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D1890E30-DBF0-4D44-B2AD-1B8C54DEEC68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B106997-A1EE-44A6-ADDA-5D47D220F896}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B8992EAF-AE3C-4381-964B-9E6145A4593B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3D49AF95-A0A1-4CED-BFAC-ECC793CB61F1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22571417-722B-4D52-8A9E-0890B2AFE0A2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{BB810BD3-CBAE-4D8F-B5D2-3A2AD88DE0D3}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{BCF03F22-A20F-4554-BEE1-5AEAE4E07F56}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{07C95A63-739F-498B-9325-A58D0E98A609}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{C152E402-5859-4C5D-ABE1-4DDB8F971419}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [TCP Query User{5DC28558-4FAC-4747-9183-C5AD2157D4BC}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{1BB3BC9D-C472-4C2E-9485-FE430F024B97}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{D54144EE-C11D-4B69-95F4-6D381207D1F0}] => (Allow) C:\Users\punjab\AppData\Local\Temp\Incredibar_install.exe
FirewallRules: [{381186E3-7418-4A9A-9804-6550D7841A11}] => (Allow) C:\Users\punjab\AppData\Local\Temp\Incredibar_install.exe
FirewallRules: [{1F82158C-58EE-43BE-ABA8-9209B8BC2D2E}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{03825541-A0CC-43B2-94D7-59E77C162A77}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{8E591CA5-1865-43F9-8534-D380DBAAC353}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{6225CC01-E2A0-4D6F-BD70-9E4E988D32CA}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{85B83C72-80E5-419C-8AAA-6FECA696E774}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{A606E1DF-B246-4862-9966-1443C24018DD}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{8979AF37-9B2B-46E0-9F74-3E26D5630D8A}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{4CE02929-4611-492F-85CF-0BB3CDB08062}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{6574F663-419D-481F-A6E1-2643087024F6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [{C2E53016-3EB4-4EF4-8038-E17B01673DD9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{6475E007-DEB1-4EE8-99D7-0C2F40B52186}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{DCB93EDE-E197-405D-8CED-8DA34ACC5040}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{36737D09-2E1E-42E6-89E3-AA32D3CA011E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{30CED065-968D-4175-B62F-235A7A6FEED5}] => (Allow) C:\Users\punjab\AppData\Local\Temp\HP\OJ4500vG510n-z_Basic_13_en\setup\hpznui40.exe
FirewallRules: [{D47ECA4D-2334-402B-8058-C01BF6FE70DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C961D5C4-953A-45F2-AFA8-5B441B04BDBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{919F25F8-4992-4AF2-976B-7106A76E68A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{9CFC3D98-E170-460A-B1D0-DA0A3E66265E}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{531DEB25-B2D7-4699-8E2E-CB7D215C9389}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{B517595C-7012-48A6-A407-4ED0F4494585}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{217FCE57-518E-45B8-B5EB-1C8507D0A18D}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{9FB44038-C94E-4D65-B57F-6BF3CAAD9093}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34AED249-38DB-4544-B71D-9619BEE1DB0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7AA0AFE-13F8-43D9-AD69-FCAD8418E167}] => (Allow) C:\Users\punjab\AppData\Local\Temp\ctmpua.exe
FirewallRules: [{D53661C6-93DC-42FB-B4A1-74CC365F38FD}] => (Allow) C:\Users\punjab\AppData\Local\Temp\ctmpua.exe
==================== Faulty Device Manager Devices =============
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/02/2015 07:49:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1270
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (05/02/2015 07:49:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 37.0.2.5583 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 11b8
Start Time: 01d08531b887f106
Termination Time: 126
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: cf9d6f05-f125-11e4-ab44-061bb145308c
Error: (05/02/2015 03:00:33 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a2e36b31-c878-11df-8b58-806e6f6e6963} - 000000000000011C,0x0053c008,000000000041FFD0,0,0000000000420FE0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.
Operation:
Processing EndPrepareSnapshots
Context:
Execution Context: System Provider
Error: (05/01/2015 03:20:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (04/30/2015 07:28:03 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (04/30/2015 07:16:48 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (04/29/2015 03:20:42 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (04/28/2015 03:19:39 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (04/27/2015 06:33:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (04/26/2015 11:03:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service GamesAppIntegrationService since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
System errors:
=============
Error: (05/02/2015 07:53:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.197.1088.0
Update Source: %NT AUTHORITY59
Update Stage: 4.7.0205.00
Source Path: 4.7.0205.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (05/02/2015 03:00:28 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.
Error: (04/30/2015 07:19:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.1088.0).
Error: (04/30/2015 07:19:36 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.197.1088.0
Update Source: %NT AUTHORITY59
Update Stage: 4.7.0205.00
Source Path: 4.7.0205.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (04/30/2015 07:19:35 AM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.
New Engine Version:
Previous Engine Version: 2.0.8001.0
Engine Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Error Code: %NT AUTHORITY601
Error description: %NT AUTHORITY602
Error: (04/30/2015 07:19:35 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 11.159.0.0
Update Source: %NT AUTHORITY15
Update Stage: 4.7.0205.00
Source Path: 4.7.0205.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (04/29/2015 03:25:33 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (04/28/2015 03:22:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.813.0).
Error: (04/28/2015 03:22:22 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.197.813.0
Update Source: %NT AUTHORITY59
Update Stage: 4.7.0205.00
Source Path: 4.7.0205.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (04/28/2015 03:22:22 AM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.
New Engine Version:
Previous Engine Version: 2.0.8001.0
Engine Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Error Code: %NT AUTHORITY601
Error description: %NT AUTHORITY602
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-08-13 06:32:53.650
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-08-13 06:32:53.556
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-08-13 06:32:53.463
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-08-13 06:32:53.354
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-04-30 10:05:34.534
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-04-30 10:05:34.316
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 31%
Total physical RAM: 4058.36 MB
Available physical RAM: 2796.46 MB
Total Pagefile: 8114.84 MB
Available Pagefile: 6474.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:212.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (NEW VOLUME) (Removable) (Total:29.81 GB) (Free:16.68 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 51ED4EC9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================