Solved Ads by Info Infection

fan1bsb97 · Feb 1, 2015

Ads by Info has infected Firefox. I tried all the things sites I found told me to do, such as try to uninstall a program or extension but nothing is there. Scans aren't picking it up.

Windows 8, 64-bit

Please and thank you in advance.

Broni · Feb 1, 2015

You've been to this forum before so you should know the drill....

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

fan1bsb97 · Feb 2, 2015

Here's the MWB scan. It don't let me run the DDs one saying it can't run in compatibility mode.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/1/2015
Scan Time: 11:55:19 PM
Logfile: mwb.txt
Administrator: No

Version: 2.00.4.1028
Malware Database: v2015.02.01.07
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Joanna

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359846
Time Elapsed: 9 hr, 21 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-2802446628-2056013772-2352947291-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo.com/?type=667671&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (https://search.yahoo.com/?type=667671&fr=spigot-yhp-ie),Replaced,[99b2f6237c0e69cd56bd23816a9b6b95]

Folders: 1
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],

Files: 13
PUP.Optional.CrossRider.A, C:\Users\Joanna\AppData\Local\Temp\setup.exe, Quarantined, [c88328f1266479bd8aa5b82e827fd42c],
PUP.Optional.Somoto, C:\Users\Joanna\AppData\Local\Temp\nsgB318.tmp, Quarantined, [9faced2c54363cfa412f3fd8cc395ba5],
PUP.Optional.OpenCandy, C:\Users\Joanna\AppData\Local\Temp\is-41FQF.tmp\OCSetupHlp.dll, Quarantined, [3d0e8c8dddad9d99e744ddf82ed7c838],
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\GoogleCrashHandler.exe, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\GoogleUpdate.exe, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\GoogleUpdateBroker.exe, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\GoogleUpdateHelper.msi, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\GoogleUpdateOnDemand.exe, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\goopdate.dll, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\goopdateres_en.dll, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\npGoogleUpdate4.dll, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\psmachine.dll, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\psuser.dll, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],

Physical Sectors: 0
(No malicious items detected)

(end)

Broni · Feb 2, 2015

Please do NOT use "quotes" for posting logs.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download

Malwarebytes Anti-Rootkit (MBAR) to your desktop.

Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
- "mbar-log-{date} (xx-xx-xx).txt"
- "system-log.txt"

NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

fan1bsb97 · Feb 2, 2015

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Joanna [Administrator]
Mode : Delete -- Date : 02/02/2015 19:40:24

¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] ViStart.exe(3632) -- C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe[-] -> Killed [TermProc]
[Suspicious.Path] MetroProvider.exe(4388) -- C:\Users\Joanna\AppData\Roaming\ViStart\Plugins\MetroProvider.exe[-] -> Killed [TermProc]
[Suspicious.Path] SearchProvider.exe(4412) -- C:\Users\Joanna\AppData\Roaming\ViStart\Plugins\SearchProvider.exe[-] -> Killed [TermThr]

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Run | ViStart : C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe [-] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Run | ViStart : C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 9 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 support.apowersoft.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.apowersoft.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 apowersoft.com

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 38e053e0e938a7a4f10c85ee2a1e65ee
[BSP] c3b7010cce6223532639cd351aa46584 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 122104 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_02022015_193919.log

fan1bsb97 · Feb 2, 2015

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.02.02.05
rootkit: v2015.01.14.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17498
Joanna :: NEWBIE [administrator]

2/2/2015 7:48:18 PM
mbar-log-2015-02-02 (19-48-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 363633
Time elapsed: 54 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Joanna\AppData\Roaming\ViStart\KillMe.exe (Adware.Bundler) -> Delete on reboot. [3e6fb2673357c86ec3d4af94da2be917]
C:\Users\Joanna\Downloads\Unconfirmed 289318.crdownload (Adware.Bundler) -> Delete on reboot. [c0ed57c247430630e0b7bb88778e8f71]
C:\Users\Joanna\Downloads\Unconfirmed 470392.crdownload (Adware.Bundler) -> Delete on reboot. [555879a0c3c754e2b0e70f3475903fc1]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17498

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 17071108096, free: 12541448192

Downloaded database version: v2015.02.02.05
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
------------ Kernel report ------------
02/02/2015 19:48:08
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\fvec.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\DLACDBHE.SYS
\SystemRoot\System32\Drivers\DRVECDB.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_E.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\povrtdev.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\Apowersoft_AudioDevice.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\Drivers\DRVEDDM.SYS
\SystemRoot\System32\Drivers\DLADResE.SYS
\SystemRoot\System32\Drivers\DLAIFS_E.SYS
\SystemRoot\System32\Drivers\DLAOPIOE.SYS
\SystemRoot\System32\Drivers\DLAPoolE.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\Drivers\DLABMFSE.SYS
\SystemRoot\System32\Drivers\DLABOIOE.SYS
\SystemRoot\System32\Drivers\DLAUDFAE.SYS
\SystemRoot\System32\Drivers\DLAUDF_E.SYS
\SystemRoot\System32\drivers\WinUSB.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.02.02.05
rootkit: v2015.01.14.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001c6973060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001c6973a40, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001c6973060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001c69747d0, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffe001c4a98720, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 40BEBE1B

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 250069679

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 934449322
GPT Header CurrentLba = 1 BackupLba 1465149167
GPT Header FirstUsableLba 34 LastUsableLba 1465149134
GPT Header Guid f6691af3-10b2-4394-b3e3-60bcaaaf54a8
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 934449322
Backup GPT header CurrentLba = 1465149167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
Backup GPT header Guid f6691af3-10b2-4394-b3e3-60bcaaaf54a8
Backup GPT header Contains 128 partition entries starting at LBA 1465149135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 77f4eeb6-9cf2-401f-acc8-ae9737b9ecaa
FirstLBA 2048 Last LBA 821247
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 23b5932-2cfd-41b0-98b1-f87dfcea2c
FirstLBA 821248 Last LBA 1353727
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 282b5b95-eb58-4e02-a016-a72423d51a98
FirstLBA 1353728 Last LBA 1615871
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 6652b544-17bb-436b-80a0-d7c269a7681b
FirstLBA 1615872 Last LBA 1405407231
Attributes 0
Partition Name Basic data partition

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID d98158bb-4641-483c-8523-a4c8266de836
FirstLBA 1405407232 Last LBA 1406124031
Attributes 1
Partition Name

Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 6a7f9908-2f39-4ed4-b24-5328d3193c1c
FirstLBA 1406124032 Last LBA 1465137151
Attributes 1
Partition Name Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Users\Joanna\AppData\Roaming\ViStart\KillMe.exe --> [Adware.Bundler]
Infected: C:\Users\Joanna\Downloads\Unconfirmed 289318.crdownload --> [Adware.Bundler]
Infected: C:\Users\Joanna\Downloads\Unconfirmed 470392.crdownload --> [Adware.Bundler]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Broni · Feb 2, 2015

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

fan1bsb97 · Feb 3, 2015

# AdwCleaner v4.109 - Report created 01/02/2015 at 23:23:05
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Joanna - NEWBIE
# Running from : C:\Users\Joanna\Downloads\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal
File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\WINDOWS\System32\drivers\hssdrv6.sys
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Users\Joanna\AppData\Local\CrashRpt
Folder Found : C:\Users\Joanna\AppData\Local\globalUpdate
Folder Found : C:\Users\Joanna\AppData\Roaming\Opera Software\Opera Stable\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;*.local
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://search.yahoo.com/?type=667671&fr=spigot-yhp-ie

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

-\\ Google Chrome v

-\\ Opera v27.0.1689.54

*************************

AdwCleaner[R0].txt - [2819 octets] - [01/02/2015 23:01:00]
AdwCleaner[R1].txt - [2814 octets] - [01/02/2015 23:23:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2874 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Joanna on Tue 02/03/2015 at 17:29:01.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Joanna\AppData\Roaming\mozilla\firefox\profiles\x4ce2o8w.default\minidumps [5 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/03/2015 at 17:30:56.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

fan1bsb97 · Feb 3, 2015

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Joanna (administrator) on NEWBIE on 03-02-2015 17:38:45
Running from C:\Users\Joanna\Desktop
Loaded Profiles: Joanna (Available profiles: Joanna)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Lee-Soft.com) C:\Users\Joanna\AppData\Roaming\ViStart\Plugins\MetroProvider.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Lee-Soft.com) C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe
(Lee Chantrey) C:\Users\Joanna\AppData\Roaming\ViStart\Plugins\SearchProvider.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-22] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-04-26] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [Google Update] => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-28] (Google Inc.)
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [GoogleChromeAutoLaunch_B50826638171B982A76266700AE576E6] => C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [ViStart] => C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe [1306624 2013-04-17] (Lee-Soft.com)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001 -> {C5546EA0-70B0-4F91-8C65-A61C602DEF1C} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=667671&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=667671&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2802446628-2056013772-2352947291-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2802446628-2056013772-2352947291-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: ActiveGS - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\activegs@freetoolsassociation.com [2013-06-18]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\artur.dubovoy@gmail.com [2015-01-11]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\LogMeInClient@logmein.com [2014-11-04]
FF Extension: privateTabinfocatcher - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\privateTab@infocatcher [2015-01-28]
FF Extension: Classic Theme Restorer - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-11]
FF Extension: Gmail Notifier (restartless) - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2014-02-09]
FF Extension: Tumblr Savior - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2014-01-22]
FF Extension: Pin It Button - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-11-08]
FF Extension: XKit - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\xkit@studioxenix.com.xpi [2014-12-27]
FF Extension: Stylish - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-11-12]
FF Extension: Greasemonkey - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-02-23]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-02-02]

Chrome:
=======
CHR Profile: C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-28]
CHR Extension: (Google Drive) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-28]
CHR Extension: (Google Search) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-28]
CHR Extension: (Gmail™ Notifier) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2014-12-04]
CHR Extension: (Tampermonkey) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-06]
CHR Extension: (Stylish) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-11-07]
CHR Extension: (XKit) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-12-24]
CHR Extension: (Pin It Button) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-01-19]
CHR Extension: (Emoji Input) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2014-12-16]
CHR Extension: (Website Logon) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-05-16]
CHR Extension: (FVD Downloader) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-01-16]
CHR Extension: (Google Wallet) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Gmail) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S4 RemoteRegistry; C:\Windows\SysWOW64\regsvc.dll [1556480 2013-08-23] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-04-26] (IDT, Inc.) [File not signed]
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 DLABMFSE; C:\Windows\System32\Drivers\DLABMFSE.SYS [46448 2007-07-23] (Roxio)
R2 DLABOIOE; C:\Windows\System32\Drivers\DLABOIOE.SYS [42352 2007-07-23] (Roxio)
R0 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [17776 2007-07-23] (Roxio)
R2 DLADResE; C:\Windows\System32\Drivers\DLADResE.SYS [9968 2007-07-23] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\Drivers\DLAIFS_E.SYS [146672 2007-07-23] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\Drivers\DLAOPIOE.SYS [35056 2007-07-23] (Roxio)
R2 DLAPoolE; C:\Windows\System32\Drivers\DLAPoolE.SYS [19824 2007-07-23] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [41072 2007-07-23] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\Drivers\DLAUDFAE.SYS [135152 2007-07-23] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\Drivers\DLAUDF_E.SYS [144112 2007-07-23] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [124112 2007-07-23] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63984 2007-07-23] (Roxio)
R3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-03-07] (Synaptics Incorporated)
S3 SndTAudio; C:\Windows\system32\drivers\SndTAudio.sys [34504 2013-12-16] (Windows (R) Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-02] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 17:38 - 2015-02-03 17:39 - 00027326 _____ () C:\Users\Joanna\Desktop\FRST.txt
2015-02-03 17:38 - 2015-02-03 17:38 - 00000000 ____D () C:\FRST
2015-02-03 17:37 - 2015-02-03 17:37 - 02131456 _____ (Farbar) C:\Users\Joanna\Desktop\FRST64.exe
2015-02-03 17:30 - 2015-02-03 17:30 - 00000755 _____ () C:\Users\Joanna\Desktop\JRT.txt
2015-02-03 17:29 - 2015-02-03 17:29 - 00000000 ____D () C:\Users\Joanna\AppData\Local\CrashDumps
2015-02-03 17:28 - 2015-02-03 17:28 - 01388274 _____ (Thisisu) C:\Users\Joanna\Desktop\JRT.exe
2015-02-03 17:27 - 2015-02-03 17:27 - 01388274 _____ (Thisisu) C:\Users\Joanna\Downloads\132C.tmp
2015-02-03 17:17 - 2015-02-03 17:17 - 00002571 _____ () C:\Users\Joanna\Desktop\AdwCleaner[S0].txt
2015-02-02 22:40 - 2015-02-02 22:43 - 275100512 ____R () C:\Users\Joanna\Desktop\castle.713.hdtv.real-lol.mp4
2015-02-02 22:39 - 2015-02-02 22:39 - 00002870 _____ () C:\Users\Joanna\Desktop\Castle.2009.S07E13.HDTV.x264.REAL-LOL.torrent
2015-02-02 20:57 - 2015-02-02 20:57 - 00000995 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2015-02-02 20:57 - 2015-02-02 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-02-02 20:56 - 2015-02-02 20:56 - 02707360 _____ () C:\Users\Joanna\Downloads\mp3tagv266setup.exe
2015-02-02 20:25 - 2015-02-02 20:25 - 02004309 _____ () C:\Users\Joanna\Desktop\demoThemeBundleforUpperElementaryrdththgrades.zip
2015-02-02 19:48 - 2015-02-03 08:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-02 19:47 - 2015-02-02 20:45 - 00000000 ____D () C:\Users\Joanna\Desktop\mbar
2015-02-02 19:47 - 2015-02-02 19:47 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Joanna\Desktop\mbar-1.08.3.1004.exe
2015-02-02 19:30 - 2015-02-02 19:30 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-02 19:30 - 2015-02-02 19:30 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-02 19:10 - 2015-02-02 19:10 - 15431256 _____ () C:\Users\Joanna\Desktop\RogueKiller.exe
2015-02-02 00:21 - 2015-02-02 00:21 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 00:21 - 2015-02-02 00:21 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 00:21 - 2015-02-02 00:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 00:18 - 2015-02-02 00:18 - 00243440 _____ () C:\Users\Joanna\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-01 23:55 - 2015-02-01 23:55 - 00688992 _____ (Swearware) C:\Users\Joanna\Downloads\dds.com
2015-02-01 23:06 - 2015-02-01 23:06 - 00000000 _____ () C:\autoexec.bat
2015-02-01 23:01 - 2015-02-01 23:01 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-01 23:00 - 2015-02-03 17:15 - 00000000 ____D () C:\AdwCleaner
2015-02-01 23:00 - 2015-02-01 23:00 - 02194432 _____ () C:\Users\Joanna\Downloads\adwcleaner_4.109.exe
2015-02-01 15:45 - 2015-02-01 16:52 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-01 15:41 - 2015-02-01 15:41 - 03533528 _____ (DVDVideoSoft Ltd. ) C:\Users\Joanna\Downloads\FreeStudio (2).exe
2015-02-01 15:37 - 2015-02-01 15:37 - 03533528 _____ (DVDVideoSoft Ltd. ) C:\Users\Joanna\Downloads\FreeStudio (1).exe
2015-02-01 15:36 - 2015-02-01 16:52 - 00001261 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-02-01 15:34 - 2015-02-01 15:34 - 03529744 _____ (DVDVideoSoft Ltd. ) C:\Users\Joanna\Downloads\FreeAVIVideoConverter.exe
2015-02-01 08:58 - 2015-02-01 08:58 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-01 08:58 - 2015-02-01 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-01 08:57 - 2015-02-01 08:58 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-01 08:57 - 2015-02-01 08:58 - 00000000 ____D () C:\Program Files\iTunes
2015-02-01 08:57 - 2015-02-01 08:57 - 00000000 ____D () C:\Program Files\iPod
2015-02-01 08:57 - 2015-02-01 08:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-26 16:06 - 2015-02-02 09:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 08:39 - 2015-01-24 08:39 - 00247610 _____ () C:\Users\Joanna\Documents\cc_20150124_083915.reg
2015-01-24 00:07 - 2015-01-24 00:07 - 00430973 _____ () C:\Users\Joanna\Downloads\us.zip
2015-01-24 00:06 - 2015-01-24 00:08 - 60498886 _____ () C:\Users\Joanna\Downloads\rockyou.txt.bz2
2015-01-23 23:58 - 2015-02-01 22:54 - 00000000 ____D () C:\Program Files (x86)\RAR Password Unlocker
2015-01-23 23:58 - 2015-01-23 23:58 - 01937696 _____ () C:\Users\Joanna\Downloads\winrar-x64-521b1.exe
2015-01-23 23:58 - 2015-01-23 23:58 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-23 23:58 - 2015-01-23 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-23 23:56 - 2015-01-23 23:56 - 03221420 _____ () C:\Users\Joanna\Downloads\RAR Password Unlocker by AwesomeTutorials.rar
2015-01-23 23:46 - 2015-01-23 23:46 - 00389754 _____ (dnSoft Research Group) C:\Users\Joanna\Downloads\rpc420_setup.exe
2015-01-23 18:37 - 2015-01-23 19:19 - 2332997625 _____ () C:\Users\Joanna\Desktop\Castle.S07E12.Private.Eye.Caramba.1080p.WEB-DL.DD5.1.H.264-ECI.mp4
2015-01-23 18:18 - 2015-01-23 18:35 - 1804931134 ____R () C:\Users\Joanna\Desktop\Castle.S07E12.Private.Eye.Caramba.1080p.WEB-DL.DD5.1.H.264-ECI.mkv
2015-01-23 17:45 - 2015-01-23 17:45 - 13338017 _____ (RAR Password Unlocker, Inc. ) C:\Users\Joanna\Downloads\rar_password_unlocker_trial.exe
2015-01-22 21:08 - 2015-01-22 21:08 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-22 21:07 - 2015-01-22 21:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Joanna\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-19 21:03 - 2015-01-19 21:07 - 295079237 _____ () C:\Users\Joanna\Desktop\castle.2009.712.hdtv-lol.mp4
2015-01-18 23:14 - 2015-01-18 23:16 - 00000000 ____D () C:\Users\Joanna\Desktop\Boy Meets World Season 1 - 7 DVDRip
2015-01-18 21:24 - 2015-02-02 19:30 - 00000000 ____D () C:\Users\Joanna\Desktop\Boy Meets World
2015-01-17 13:44 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-17 13:44 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-16 07:26 - 2015-01-16 07:26 - 00000860 _____ () C:\Users\Joanna\Desktop\µTorrent.lnk
2015-01-14 06:18 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 06:18 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 06:18 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 06:18 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 06:18 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 06:18 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 06:18 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 06:18 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 06:18 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 06:18 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 06:18 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 06:18 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 06:18 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 06:18 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 06:18 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 06:18 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 06:18 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 06:18 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 06:18 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 06:18 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 06:18 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 06:18 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 06:18 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 06:18 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 06:18 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 06:18 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 06:18 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 06:18 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 06:18 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 06:18 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 06:18 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-10 00:17 - 2015-01-10 00:17 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\LJ-Sec
2015-01-10 00:10 - 2015-01-10 00:10 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LJ-Sec
2015-01-10 00:10 - 2015-01-10 00:10 - 00000000 ____D () C:\Program Files (x86)\LJ-SecInstall
2015-01-05 19:52 - 2015-01-07 19:37 - 00000000 ____D () C:\Users\Joanna\Desktop\Friends.S09.Season.9.720p.BluRay.x264-PublicHD

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 17:35 - 2013-04-28 16:03 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\ViStart
2015-02-03 17:16 - 2014-10-27 18:24 - 00000350 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJoanna.job
2015-02-03 17:16 - 2014-10-02 17:15 - 00034072 _____ () C:\WINDOWS\PFRO.log
2015-02-03 17:16 - 2014-09-27 10:20 - 00005936 _____ () C:\WINDOWS\setupact.log
2015-02-03 17:16 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-03 17:14 - 2013-04-26 00:20 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AC16CF4C-C03E-4E41-9FE2-F9829B69173E}
2015-02-03 17:02 - 2013-04-26 00:26 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2802446628-2056013772-2352947291-1001
2015-02-03 16:55 - 2013-04-26 21:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-03 16:45 - 2013-04-28 21:31 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2802446628-2056013772-2352947291-1001UA.job
2015-02-03 16:38 - 2014-09-24 17:21 - 01093065 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-03 16:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-03 08:50 - 2014-10-27 18:24 - 00003166 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoanna
2015-02-03 08:50 - 2014-06-03 19:26 - 00003826 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1397778706
2015-02-03 08:50 - 2014-04-17 18:51 - 00001057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-03 08:50 - 2014-04-17 18:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-03 08:43 - 2014-03-07 18:42 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\uTorrent
2015-02-03 07:19 - 2014-08-19 21:19 - 00000000 ____D () C:\Users\Joanna\AppData\Local\Adobe
2015-02-03 00:27 - 2013-11-25 16:10 - 00001704 _____ () C:\Users\Joanna\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-02 22:45 - 2014-11-24 17:39 - 00000000 ____D () C:\Users\Joanna\Desktop\Castle Gifs
2015-02-02 22:40 - 2013-04-28 11:09 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\mIRC
2015-02-02 22:35 - 2013-07-16 15:27 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\vlc
2015-02-02 22:07 - 2013-06-25 20:50 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Mp3tag
2015-02-02 20:57 - 2013-04-27 15:29 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-02-02 20:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-02 20:02 - 2013-09-29 23:04 - 00962424 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-02 19:48 - 2014-07-11 15:42 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 19:47 - 2014-07-11 15:42 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-02 09:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Branding
2015-02-01 16:52 - 2014-06-10 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-01 16:49 - 2014-10-27 21:09 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-01 16:49 - 2013-06-19 19:31 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\DVDVideoSoft
2015-02-01 16:01 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-01 12:52 - 2014-06-30 07:47 - 00000000 ____D () C:\Users\Joanna\Desktop\Friends
2015-02-01 12:51 - 2014-11-26 19:34 - 00000000 ____D () C:\Users\Joanna\Desktop\Friends Gifs
2015-02-01 08:57 - 2013-04-27 18:40 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-30 07:27 - 2013-04-26 20:01 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-01-30 07:27 - 2013-04-26 20:01 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-28 06:47 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-27 22:42 - 2014-07-16 20:14 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-26 16:50 - 2013-04-27 06:01 - 00000000 ____D () C:\Users\Joanna\Desktop\Movies
2015-01-24 15:20 - 2014-12-13 20:05 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2014-12-13 20:05 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 15:11 - 2013-05-01 19:06 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-24 14:55 - 2013-04-26 21:15 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-24 08:31 - 2014-02-28 17:25 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2015-01-23 16:50 - 2013-05-01 20:12 - 00000000 ____D () C:\Program Files\Adobe
2015-01-23 16:49 - 2013-05-01 20:07 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-23 16:37 - 2014-12-14 21:27 - 00000000 ___RD () C:\Users\Joanna\iCloudDrive
2015-01-22 21:08 - 2014-07-11 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-22 21:08 - 2014-07-11 15:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 06:22 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-19 11:26 - 2013-08-02 08:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 11:12 - 2013-04-27 08:10 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-16 07:26 - 2014-04-28 20:04 - 00000840 _____ () C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-11 00:36 - 2013-04-26 21:26 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2015-01-05 20:20 - 2013-04-27 18:42 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Apple Computer
2015-01-05 18:55 - 2014-05-18 17:04 - 00000000 ____D () C:\Users\Joanna\Desktop\Gilmore.Girls.COMPLETE.DVDRip.XviD
2015-01-05 18:32 - 2014-12-21 20:52 - 01054912 _____ (Adobe) C:\Users\Joanna\Downloads\install_flashplayer16x32au_mssd_aaa_aih.exe
2015-01-05 18:27 - 2013-11-19 21:41 - 00000000 ____D () C:\Users\Joanna
2015-01-04 18:18 - 2014-12-26 16:00 - 00000000 ____D () C:\Users\Joanna\Desktop\Pics

==================== Files in the root of some directories =======

2013-05-20 20:51 - 2014-02-12 17:26 - 0000132 _____ () C:\Users\Joanna\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-11-25 15:41 - 2014-03-04 10:07 - 0000132 _____ () C:\Users\Joanna\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-10-14 19:02 - 2014-10-14 19:02 - 0000132 _____ () C:\Users\Joanna\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-10-15 20:05 - 2014-09-26 09:48 - 0000132 _____ () C:\Users\Joanna\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-31 16:05 - 2014-01-31 16:05 - 0000046 _____ () C:\Users\Joanna\AppData\Roaming\Camdata.ini
2014-01-31 16:05 - 2014-01-31 16:05 - 0000408 _____ () C:\Users\Joanna\AppData\Roaming\CamLayout.ini
2014-01-31 16:05 - 2014-01-31 16:05 - 0000408 _____ () C:\Users\Joanna\AppData\Roaming\CamShapes.ini
2014-01-31 16:05 - 2014-01-31 16:05 - 0004535 _____ () C:\Users\Joanna\AppData\Roaming\CamStudio.cfg
2014-04-22 05:43 - 2014-04-28 17:05 - 0099384 _____ () C:\Users\Joanna\AppData\Roaming\inst.exe
2014-04-22 05:43 - 2014-04-28 17:05 - 0007859 _____ () C:\Users\Joanna\AppData\Roaming\pcouffin.cat
2014-04-22 05:43 - 2014-04-28 17:05 - 0001167 _____ () C:\Users\Joanna\AppData\Roaming\pcouffin.inf
2014-04-22 05:43 - 2014-04-28 17:05 - 0000055 _____ () C:\Users\Joanna\AppData\Roaming\pcouffin.log
2014-04-22 05:43 - 2014-04-28 17:05 - 0082816 _____ (VSO Software) C:\Users\Joanna\AppData\Roaming\pcouffin.sys
2014-06-09 15:51 - 2014-06-09 15:51 - 0000097 _____ () C:\Users\Joanna\AppData\Roaming\settings.xml
2014-01-31 15:57 - 2014-01-31 15:57 - 0000096 _____ () C:\Users\Joanna\AppData\Roaming\version2.xml
2013-11-25 16:10 - 2015-02-03 00:27 - 0001704 _____ () C:\Users\Joanna\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-04-28 21:13 - 2014-05-31 21:54 - 0042496 _____ () C:\Users\Joanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-02 09:04 - 2014-03-02 09:04 - 0000218 _____ () C:\Users\Joanna\AppData\Local\recently-used.xbel
2013-04-26 00:20 - 2013-04-26 00:20 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some content of TEMP:
====================
C:\Users\Joanna\AppData\Local\Temp\bitool.dll
C:\Users\Joanna\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Joanna\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Joanna\AppData\Local\Temp\Extract.exe
C:\Users\Joanna\AppData\Local\Temp\FreeAVIVideoConverter.exe
C:\Users\Joanna\AppData\Local\Temp\FreeMP4VideoConverter.exe
C:\Users\Joanna\AppData\Local\Temp\FreeStudio.exe
C:\Users\Joanna\AppData\Local\Temp\mirc738.exe
C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Joanna\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Joanna\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Joanna\AppData\Local\Temp\SP63259.exe
C:\Users\Joanna\AppData\Local\Temp\sqlite3.dll
C:\Users\Joanna\AppData\Local\Temp\tmd_34012003.exe
C:\Users\Joanna\AppData\Local\Temp\tmd_34014077.exe
C:\Users\Joanna\AppData\Local\Temp\tmd_34016468.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 17:02

==================== End Of Log ============================

fan1bsb97 · Feb 3, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Joanna at 2015-02-03 17:39:41
Running from C:\Users\Joanna\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppTrans 1.5.3 (HKLM-x32\...\{F0B50B3A-0C1F-43D8-BE9A-70ADFB473114}}_is1) (Version: 1.5.3 - iMobie Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Free Studio version 6.4.3.128 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.38.530 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
GetFLV 9.6.7.8 (HKLM-x32\...\GetFLV_is1) (Version: - GetFLV, Inc.)
Google Chrome (HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{92E8BC5B-6023-4846-8151-415351A4FAFF}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
iExplorer 3.2.4.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
iWisoft Flash SWF to Video Converter 3.5 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.5.0 - www.flash-swf-converter.com)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Kid Pix 3D (HKLM-x32\...\InstallShield_{24C95DA6-8179-40D2-BAFB-5DC5D90B4FCB}) (Version: 2.21.289 - Software MacKiev)
Kid Pix 3D (x32 Version: 2.21.289 - Software MacKiev) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.128 - PandoraTV)
LEGO Education WeDo Software v1.2 (HKLM-x32\...\{0CBEA767-D647-4F22-89F6-273D70EB0CE5}) (Version: 1.2.0 - LEGO Company)
LJ-SecInstall (HKLM-x32\...\{6669F1CB-09D2-4850-B72D-D540B1069A41}) (Version: 1.0.2 - Jabil Circuit, Inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
Opera Stable 27.0.1689.66 (HKLM-x32\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
Roxio Activation Module (HKLM-x32\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Silhouette Studio (HKLM-x32\...\{36FB379E-8578-4987-B72E-68FBBCDD1CD2}) (Version: 3.1.417 - Silhouette America)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Streaming Video Recorder V4.3.8 (HKLM\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 4.3.8 - Apowersoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Download Capture version 4.9.0 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.0 - APOWERSOFT LIMITED)
ViStart (HKLM-x32\...\ViStart) (Version: 8.1.0.5132 - Lee-Soft.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO Downloader 3.2.0.6 (HKLM-x32\...\{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1) (Version: 3.2.0.6 - VSO Software)
VSO EVE Network Driver version 1.0.0.26 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.26 - VSO Software)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Migration Assistant (HKLM-x32\...\{8D38F2F7-5217-4773-95F8-19FECDC6B0C3}) (Version: 1.0.5.7 - Apple Inc.)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.1.0.20120222 - Xilisoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

18-01-2015 09:33:04 Windows Update
22-01-2015 19:39:01 Windows Update
28-01-2015 06:45:28 Windows Update
02-02-2015 19:46:12 FF
02-02-2015 20:44:32 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2014-03-02 21:18 - 00001973 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
127.0.0.1 support.apowersoft.com
127.0.0.1 www.apowersoft.com
127.0.0.1 apowersoft.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {255DDA7E-F9AF-44C1-A3D4-A14C830BBF75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {29304349-FA5C-40A6-BC3E-6067713BBB5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {38097089-EC9F-4A4F-ACC3-6A7BC1FC5392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {421A4AF3-9A1F-4C59-A6BD-02FC5422E889} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {516B1A0C-776A-40E5-A713-3B3E33EEE3DF} - System32\Tasks\Opera scheduled Autoupdate 1397778706 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-02] (Opera Software)
Task: {6556A45F-AB2E-4139-B190-117C966E3779} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {668B1650-6014-4ABA-9951-0BF3C5B95FD9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-07] (Synaptics Incorporated)
Task: {6A78F76B-C856-465D-9256-0F656E284283} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {7001A78D-D2A3-4BD8-9E8F-B666EF09DD57} - System32\Tasks\HPCeeScheduleForJoanna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {722B700C-33CD-48B2-B50E-BF342B03F82F} - System32\Tasks\{3B18762D-FD62-4CF8-AE5F-63B15A812A67} => pcalua.exe -a C:\Users\Joanna\Downloads\RemoteAccessHostXP.exe -d C:\Users\Joanna\Downloads
Task: {72EC89B9-A3C3-4D47-8573-B9822F5D67CB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {73D3DF68-16FB-4023-95D1-AF23C4D5F8E7} - System32\Tasks\{689FE945-6AA1-4506-BBAC-406CF3A5188D} => pcalua.exe -a "C:\Program Files\Apowersoft\Streaming Video Recorder\unins000.exe"
Task: {7B427909-5913-4304-9AF2-E12FB9258792} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7BDE6D77-2EB6-444F-9BE6-827561910C07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8776D4C8-514D-408B-B98C-4EBDF0FB3179} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {8EA586B2-2716-454D-8B74-099565B481BB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2802446628-2056013772-2352947291-1001Core => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {A6C46F3C-2D50-4790-880D-72B933241D8B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {B8EF3738-4D29-41A6-9D16-4681A548E61D} - System32\Tasks\AdobeAAMUpdater-1.0-Newbie-Joanna => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {C256E924-0A9F-49DD-A350-86E4AADCAA4A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2802446628-2056013772-2352947291-1001UA => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {CE4B7AB5-0796-48C7-B7B1-310525B92613} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D326E5ED-7315-421B-A417-376A7231710E} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {DC9F0839-19A3-4017-99A7-236E9B2086EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {FA32AF69-C19E-40C2-A472-9368EDCEE24C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2802446628-2056013772-2352947291-1001Core.job => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2802446628-2056013772-2352947291-1001UA.job => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJoanna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-06 03:47 - 2012-09-06 03:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-06-07 04:16 - 2013-06-07 04:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-12 20:22 - 2012-10-12 20:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 20:22 - 2012-10-12 20:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 20:22 - 2012-10-12 20:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-11-19 22:10 - 2013-11-19 22:10 - 00120224 _____ () C:\Users\Joanna\AppData\Local\assembly\dl3\O7PQMR1O.G08\MV1X3Q90.3B5\8fd65b8c\00f33f28_e1a8cd01\HPItunesModule.DLL
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-03-29 01:54 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-01 22:47 - 2015-01-26 22:44 - 01117512 _____ () C:\Users\Joanna\AppData\Local\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-01 22:47 - 2015-01-26 22:44 - 00211272 _____ () C:\Users\Joanna\AppData\Local\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-01 22:47 - 2015-01-26 22:44 - 09171272 _____ () C:\Users\Joanna\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-01 22:47 - 2015-01-26 22:44 - 14913864 _____ () C:\Users\Joanna\AppData\Local\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "GmailNotifierPro"
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B50826638171B982A76266700AE576E6"
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "ApplePhotoStreams"

========================= Accounts: ==========================

Administrator (S-1-5-21-2802446628-2056013772-2352947291-500 - Administrator - Disabled)
Guest (S-1-5-21-2802446628-2056013772-2352947291-501 - Limited - Disabled)
Joanna (S-1-5-21-2802446628-2056013772-2352947291-1001 - Administrator - Enabled) => C:\Users\Joanna

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 05:35:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ViStart.exe version 8.1.0.5132 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: db0

Start Time: 01d04000e53dea5c

Termination Time: 4294967295

Application Path: C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe

Report Id: e6d74e69-abf4-11e4-befd-bce90cc8b351

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (02/03/2015 05:39:13 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/03/2015 05:38:43 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/03/2015 05:38:13 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/03/2015 05:37:43 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/03/2015 05:37:13 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/03/2015 05:36:43 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/03/2015 05:36:13 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/03/2015 05:35:42 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/03/2015 05:35:12 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/03/2015 05:34:42 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Microsoft Office Sessions:
=========================
Error: (02/03/2015 05:35:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ViStart.exe8.1.0.5132db001d04000e53dea5c4294967295C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exee6d74e69-abf4-11e4-befd-bce90cc8b351

CodeIntegrity Errors:
===================================
Date: 2015-02-03 17:03:48.877
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-03 08:04:45.969
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-03 07:36:30.010
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-03 07:36:29.881
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-03 07:36:29.745
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-03 07:36:29.551
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-03 07:36:29.429
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-03 07:36:29.305
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-03 07:36:28.389
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-03 07:36:28.199
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 17%
Total physical RAM: 16280.28 MB
Available physical RAM: 13403.04 MB
Total Pagefile: 18712.28 MB
Available Pagefile: 15252.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:669.38 GB) (Free:255.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:28.14 GB) (Free:3.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 40BEBE1B)

Partition: GPT Partition Type.

==================== End Of Log ============================

Broni · Feb 3, 2015

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

fan1bsb97 · Feb 3, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Joanna at 2015-02-03 20:40:39 Run:1
Running from C:\Users\Joanna\Desktop
Loaded Profiles: Joanna (Available profiles: Joanna)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
C:\Users\Joanna\AppData\Local\Temp\bitool.dll
C:\Users\Joanna\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Joanna\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Joanna\AppData\Local\Temp\Extract.exe
C:\Users\Joanna\AppData\Local\Temp\FreeAVIVideoConverter.exe
C:\Users\Joanna\AppData\Local\Temp\FreeMP4VideoConverter.exe
C:\Users\Joanna\AppData\Local\Temp\FreeStudio.exe
C:\Users\Joanna\AppData\Local\Temp\mirc738.exe
C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Joanna\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Joanna\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Joanna\AppData\Local\Temp\SP63259.exe
C:\Users\Joanna\AppData\Local\Temp\sqlite3.dll
C:\Users\Joanna\AppData\Local\Temp\tmd_34012003.exe
C:\Users\Joanna\AppData\Local\Temp\tmd_34014077.exe
C:\Users\Joanna\AppData\Local\Temp\tmd_34016468.exe

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
C:\Users\Joanna\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\EsgInstallerx64Stub.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\FreeAVIVideoConverter.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\FreeMP4VideoConverter.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\FreeStudio.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\mirc738.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\RSPUpgradeInstaller.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\SP63259.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\tmd_34012003.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\tmd_34014077.exe => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\tmd_34016468.exe => Moved successfully.

==== End of Fixlog 20:40:42 ====

Broni · Feb 3, 2015

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

fan1bsb97 · Feb 4, 2015

Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Mozilla Firefox (35.0.1)
Google Chrome (40.0.2214.93)
Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

fan1bsb97 · Feb 4, 2015

Farbar Service Scanner Version: 17-01-2015
Ran by Joanna (administrator) on 04-02-2015 at 21:16:24
Running from "C:\Users\Joanna\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Broni · Feb 5, 2015

Sophos?

fan1bsb97 · Feb 5, 2015

It was going no where fast and I had to go to bed, so I will start it again now.

fan1bsb97 · Feb 5, 2015

2015-02-05 02:45:54.393 Sophos Virus Removal Tool version 2.5.4
2015-02-05 02:45:54.393 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-02-05 02:45:54.393 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-02-05 02:45:54.393 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2015-02-05 02:45:54.393 Checking for updates...
2015-02-05 02:45:54.409 Update progress: proxy server not available
2015-02-05 02:46:01.555 Option all = no
2015-02-05 02:46:01.555 Option recurse = yes
2015-02-05 02:46:01.555 Option archive = no
2015-02-05 02:46:01.555 Option service = yes
2015-02-05 02:46:01.555 Option confirm = yes
2015-02-05 02:46:01.555 Option sxl = yes
2015-02-05 02:46:01.555 Option max-data-age = 35
2015-02-05 02:46:01.555 Option EnableSafeClean = yes
2015-02-05 02:46:02.771 Downloading updates...
2015-02-05 02:46:02.771 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-02-05 02:46:02.771 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-02-05 02:46:02.771 Update progress: [I49502] Found supplement IDE511 LATEST
2015-02-05 02:46:02.771 Update progress: [I49502] Found supplement IDE512 LATEST
2015-02-05 02:46:02.771 Update progress: [I49502] Found supplement IDE513 LATEST
2015-02-05 02:46:02.771 Update progress: [I49502] Found supplement IDE514 LATEST
2015-02-05 02:46:02.771 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-02-05 02:46:02.771 Update progress: [I19463] Syncing product SAVIW32 49
2015-02-05 02:46:08.612 Update progress: [I19463] Syncing product IDE511 170
2015-02-05 02:46:11.394 Installing updates...
2015-02-05 02:46:13.880 Option vdl-logging = yes
2015-02-05 02:46:14.482 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-05 02:46:14.482 Machine ID: 165a31a524264af5996f79521d7bb7dc
2015-02-05 02:46:14.482 Component SVRTcli.exe version 2.5.4
2015-02-05 02:46:14.482 Component control.dll version 2.5.4
2015-02-05 02:46:14.482 Component SVRTservice.exe version 2.5.4
2015-02-05 02:46:14.482 Component engine\osdp.dll version 1.44.1.2183
2015-02-05 02:46:14.482 Component engine\veex.dll version 3.58.3.2183
2015-02-05 02:46:14.482 Component engine\savi.dll version 8.1.5.2183
2015-02-05 02:46:14.482 Component rkdisk.dll version 1.5.30.0
2015-02-05 02:46:14.482 Version info: Product version 2.5.4
2015-02-05 02:46:14.483 Version info: Detection engine 3.58.3
2015-02-05 02:46:14.483 Version info: Detection data 5.10
2015-02-05 02:46:14.483 Version info: Build date 1/6/2015
2015-02-05 02:46:14.483 Version info: Data files added 342
2015-02-05 02:46:14.483 Version info: Last successful update (not yet updated)
2015-02-05 02:46:14.483 Error level 1
2015-02-05 02:46:14.495 Update progress: [I19463] Syncing product IDE512 166
2015-02-05 02:46:14.495 Update progress: [I19463] Syncing product IDE513 11
2015-02-05 02:46:14.495 Update progress: [I19463] Syncing product IDE514 1
2015-02-05 02:46:57.279 Update successful
2015-02-05 02:47:12.827 Option all = no
2015-02-05 02:47:12.827 Option recurse = yes
2015-02-05 02:47:12.827 Option archive = no
2015-02-05 02:47:12.827 Option service = yes
2015-02-05 02:47:12.827 Option confirm = yes
2015-02-05 02:47:12.827 Option sxl = yes
2015-02-05 02:47:12.828 Option max-data-age = 35
2015-02-05 02:47:12.828 Option EnableSafeClean = yes
2015-02-05 02:47:13.124 Option vdl-logging = yes
2015-02-05 02:47:13.190 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-05 02:47:13.190 Machine ID: 165a31a524264af5996f79521d7bb7dc
2015-02-05 02:47:13.191 Component SVRTcli.exe version 2.5.4
2015-02-05 02:47:13.191 Component control.dll version 2.5.4
2015-02-05 02:47:13.191 Component SVRTservice.exe version 2.5.4
2015-02-05 02:47:13.191 Component engine\osdp.dll version 1.44.1.2183
2015-02-05 02:47:13.191 Component engine\veex.dll version 3.58.3.2183
2015-02-05 02:47:13.191 Component engine\savi.dll version 8.1.5.2183
2015-02-05 02:47:13.192 Component rkdisk.dll version 1.5.30.0
2015-02-05 02:47:13.192 Version info: Product version 2.5.4
2015-02-05 02:47:13.192 Version info: Detection engine 3.58.3
2015-02-05 02:47:13.192 Version info: Detection data 5.10G
2015-02-05 02:47:13.192 Version info: Build date 1/6/2015
2015-02-05 02:47:13.192 Version info: Data files added 342
2015-02-05 02:47:13.192 Version info: Last successful update 2/4/2015 9:46:57 PM

2015-02-05 03:29:15.756 SafeClean bin directory is empty.
2015-02-05 03:29:15.757 Error level 0

2015-02-05 03:29:15.916 Scan cancelled by user.
2015-02-05 03:29:15.916

------------------------------------------------------------

2015-02-05 21:50:33.566 Sophos Virus Removal Tool version 2.5.4
2015-02-05 21:50:33.566 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-02-05 21:50:33.566 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-02-05 21:50:33.566 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2015-02-05 21:50:33.567 Checking for updates...
2015-02-05 21:50:33.576 Update progress: proxy server not available
2015-02-05 21:50:44.524 Option all = no
2015-02-05 21:50:44.524 Option recurse = yes
2015-02-05 21:50:44.524 Option archive = no
2015-02-05 21:50:44.524 Option service = yes
2015-02-05 21:50:44.524 Option confirm = yes
2015-02-05 21:50:44.524 Option sxl = yes
2015-02-05 21:50:44.526 Option max-data-age = 35
2015-02-05 21:50:44.526 Option EnableSafeClean = yes
2015-02-05 21:50:45.126 Option vdl-logging = yes
2015-02-05 21:50:45.132 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-05 21:50:45.132 Machine ID: 165a31a524264af5996f79521d7bb7dc
2015-02-05 21:50:45.240 Component SVRTcli.exe version 2.5.4
2015-02-05 21:50:45.240 Component control.dll version 2.5.4
2015-02-05 21:50:45.240 Component SVRTservice.exe version 2.5.4
2015-02-05 21:50:45.240 Component engine\osdp.dll version 1.44.1.2183
2015-02-05 21:50:45.240 Component engine\veex.dll version 3.58.3.2183
2015-02-05 21:50:45.241 Component engine\savi.dll version 8.1.5.2183
2015-02-05 21:50:45.312 Component rkdisk.dll version 1.5.30.0
2015-02-05 21:50:45.312 Version info: Product version 2.5.4
2015-02-05 21:50:45.313 Version info: Detection engine 3.58.3
2015-02-05 21:50:45.313 Version info: Detection data 5.10G
2015-02-05 21:50:45.313 Version info: Build date 1/6/2015
2015-02-05 21:50:45.313 Version info: Data files added 342
2015-02-05 21:50:45.313 Version info: Last successful update 2/4/2015 9:46:57 PM
2015-02-05 21:50:46.530 Downloading updates...
2015-02-05 21:50:46.531 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-02-05 21:50:46.531 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-02-05 21:50:46.531 Update progress: [I49502] Found supplement IDE511 LATEST
2015-02-05 21:50:46.531 Update progress: [I49502] Found supplement IDE512 LATEST
2015-02-05 21:50:46.531 Update progress: [I49502] Found supplement IDE513 LATEST
2015-02-05 21:50:46.531 Update progress: [I49502] Found supplement IDE514 LATEST
2015-02-05 21:50:46.531 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-02-05 21:50:46.531 Update progress: [I19463] Syncing product SAVIW32 49
2015-02-05 21:50:46.531 Update progress: [I19463] Syncing product IDE511 170
2015-02-05 21:50:48.474 Update progress: [I19463] Syncing product IDE512 166
2015-02-05 21:50:48.474 Update progress: [I19463] Syncing product IDE513 16
2015-02-05 21:50:48.778 Installing updates...
2015-02-05 21:50:49.382 Error level 1
2015-02-05 21:50:49.593 Update progress: [I19463] Syncing product IDE514 1
2015-02-05 21:50:49.680 Update successful
2015-02-05 21:51:01.033 Option all = no
2015-02-05 21:51:01.033 Option recurse = yes
2015-02-05 21:51:01.033 Option archive = no
2015-02-05 21:51:01.034 Option service = yes
2015-02-05 21:51:01.034 Option confirm = yes
2015-02-05 21:51:01.034 Option sxl = yes
2015-02-05 21:51:01.036 Option max-data-age = 35
2015-02-05 21:51:01.036 Option EnableSafeClean = yes
2015-02-05 21:51:01.292 Option vdl-logging = yes
2015-02-05 21:51:01.299 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-05 21:51:01.299 Machine ID: 165a31a524264af5996f79521d7bb7dc
2015-02-05 21:51:01.300 Component SVRTcli.exe version 2.5.4
2015-02-05 21:51:01.300 Component control.dll version 2.5.4
2015-02-05 21:51:01.300 Component SVRTservice.exe version 2.5.4
2015-02-05 21:51:01.300 Component engine\osdp.dll version 1.44.1.2183
2015-02-05 21:51:01.300 Component engine\veex.dll version 3.58.3.2183
2015-02-05 21:51:01.300 Component engine\savi.dll version 8.1.5.2183
2015-02-05 21:51:01.301 Component rkdisk.dll version 1.5.30.0
2015-02-05 21:51:01.301 Version info: Product version 2.5.4
2015-02-05 21:51:01.301 Version info: Detection engine 3.58.3
2015-02-05 21:51:01.301 Version info: Detection data 5.10G
2015-02-05 21:51:01.301 Version info: Build date 1/6/2015
2015-02-05 21:51:01.301 Version info: Data files added 347
2015-02-05 21:51:01.301 Version info: Last successful update 2/5/2015 4:50:49 PM

2015-02-05 23:54:34.723 Could not open C:\hiberfil.sys
2015-02-05 23:54:41.284 Could not open C:\pagefile.sys
2015-02-06 00:11:13.526 Could not open C:\swapfile.sys
2015-02-06 00:13:46.284 Could not open C:\System Volume Information\{0c184c8d-aae9-11e4-befa-6c3be58a64ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-06 00:13:46.285 Could not open C:\System Volume Information\{0c184d37-aae9-11e4-befa-6c3be58a64ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-06 00:13:46.285 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-06 00:13:46.286 Could not open C:\System Volume Information\{af3ae6e4-acdb-11e4-befe-bb8bff3ebf9b}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-06 00:14:28.809 Could not open C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-02-06 00:14:28.811 Could not open C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2015-02-06 00:14:29.162 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-02-06 00:14:29.172 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-02-06 00:14:34.369 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2015-02-06 00:14:36.126 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\LOCK (virus scan failed)
2015-02-06 00:14:36.278 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dhdgffkkebhmkfjojejmpbldmpobfkfo\LOCK (virus scan failed)
2015-02-06 00:14:36.286 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fpfgeeomkfdefkckijiabdbogjkdaecd\LOCK (virus scan failed)
2015-02-06 00:14:36.295 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpdjojdkbbmdfjfahjcgigfpmkopogic\LOCK (virus scan failed)
2015-02-06 00:14:36.307 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-02-06 00:15:02.463 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-02-06 00:15:02.605 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\immhpnclomdloikkpcefncmfgjbkojmh\LOCK (virus scan failed)
2015-02-06 00:37:40.580 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-02-06 00:37:40.582 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-02-06 00:37:45.348 Could not open C:\Windows\System32\config\BBI
2015-02-06 00:37:45.649 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-02-06 00:37:45.653 Could not open C:\Windows\System32\config\RegBack\SAM
2015-02-06 00:37:45.654 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-02-06 00:37:45.657 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-02-06 00:37:45.659 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-02-06 00:46:43.191 >>> Virus 'Mal/VMProtBad-A' found in file C:\Windows\SysWOW64\regsvc.dll
2015-02-06 00:46:43.192 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-06 00:46:43.192 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-06 00:58:05.789 The following items will be cleaned up:
2015-02-06 00:58:05.789 Mal/VMProtBad-A

Broni · Feb 5, 2015

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

You need to update only 32-bit version. 64-bit version is up to date.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

=====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

fan1bsb97 · Feb 5, 2015

I'm still infected

Broni · Feb 5, 2015

Explain. I'm not there.

fan1bsb97 · Feb 6, 2015

Here's a picture. When I click anywhere 5 ads open up. I circled where it says 'ads by info'

Broni · Feb 6, 2015

Which browser?

fan1bsb97 · Feb 6, 2015

Firefox

Broni · Feb 6, 2015

Reset Firefox: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

If the above didn't help...

Uninstall Firefox completely using this manual: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer
NOTE. Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
Install fresh copy.

Solved Ads by Info Infection

Posts: 150 +0

Posts: 56,041 +516

Posts: 150 +0

Posts: 56,041 +516

Posts: 150 +0

Posts: 150 +0

Posts: 56,041 +516

Posts: 150 +0

Posts: 150 +0

Posts: 150 +0

Posts: 56,041 +516

Attachments

Posts: 150 +0

Posts: 56,041 +516

Posts: 150 +0

Posts: 150 +0

Posts: 56,041 +516

Posts: 150 +0

Posts: 150 +0

Posts: 56,041 +516

Posts: 150 +0

Posts: 56,041 +516

Posts: 150 +0

Posts: 56,041 +516

Posts: 150 +0

Posts: 56,041 +516

Similar threads