Cannot access internet in normal mode
<blockquote data-quote="Nasage" data-source="post: 353121" data-attributes="member: 34148"><p>Ran the 2 tools. 1 malware detected by Malwarebytes anti-rootkit tool. Restarted computer in normal mode, but still unable to access internet. Tried to open chrome but received message stating couldn't find page. Tried to search for google, but then received message stating could not access network. Still able to access internet in safe mode with networking.</p><p></p><p>Here are the logs:</p><p>Malwarebytes Anti-Rootkit BETA 1.09.1.1004</p><p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p><p></p><p>Database version:</p><p> main: v2015.02.23.07</p><p> rootkit: v2015.02.22.01</p><p></p><p>Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)</p><p>Internet Explorer 11.0.9600.17501</p><p>Nadeige :: NADEIGE-HP [administrator]</p><p></p><p>2/23/2015 3:47:34 PM</p><p>mbar-log-2015-02-23 (15-47-34).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p><p>Scan options disabled: </p><p>Objects scanned: 476556</p><p>Time elapsed: 45 minute(s), 20 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 1</p><p>C:\WINDOWS\SYSTEM32\drivers\itnfd_1_10_0_9.sys (PUP.Optional.IntelliTerm.A) -> Delete on reboot. 
[bb582289d17dab6c47a57f15e1134e8f]</p><p></p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.09.1.1004</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>System is currently in a safe mode</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 11.0.9600.17501</p><p></p><p>Java version: 1.6.0_30</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED</p><p>CPU speed: 2.494000 GHz</p><p>Memory total: 8535212032, free: 7378268160</p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.09.1.1004</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>System is currently in a safe mode</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 11.0.9600.17501</p><p></p><p>Java version: 1.6.0_30</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED</p><p>CPU speed: 2.494000 GHz</p><p>Memory total: 8535212032, free: 7398158336</p><p></p><p>Downloaded database version: v2015.02.23.07</p><p>Downloaded database version: v2015.02.22.01</p><p>Downloaded database version: v2014.12.06.01</p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 02/23/2015 15:47:22</p><p>------------ Loaded modules 
-----------</p><p>----------- End -----------</p><p>Done!</p><p></p><p>Scan started</p><p>Database versions:</p><p> main: v2015.02.23.07</p><p> rootkit: v2015.02.22.01</p><p></p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa800a306060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 
0xfffffa800a306b90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa800a306060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa800a159b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\</p><p>DevicePointer: 0xfffffa8007e1d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>File C:\WINDOWS\SYSTEM32\drivers\itnfd_1_10_0_9.sys will be destroyed</p><p>Infected: C:\WINDOWS\SYSTEM32\drivers\itnfd_1_10_0_9.sys --> [PUP.Optional.IntelliTerm.A]</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 99E03F5A</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 407552</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 409600 Numsec = 1421078528</p><p></p><p> Partition 2 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1421488128 Numsec = 35338240</p><p></p><p> Partition 3 type is Other (0xc)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1456826368 Numsec = 8318976</p><p></p><p>Disk Size: 750156374016 
bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...</p><p>Done!</p><p>Scan finished</p><p>Creating System Restore point...</p><p>Could not create restore point...</p><p>Cleaning up...</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Removal scheduling successful. System shutdown needed.</p><p>System shutdown occurred</p><p>=======================================</p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015</p><p>Ran by Nadeige (administrator) on NADEIGE-HP on 23-02-2015 17:26:37</p><p>Running from C:\Users\Nadeige\Downloads</p><p>Loaded Profiles: Nadeige (Available profiles: Nadeige & Stephen & Jackie & Guest)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser path: "C:\Users\Nadeige\AppData\Local\Binkiland\Application\Binkiland.exe" -- "%1")</p><p>Boot Mode: Safe Mode (with Networking)</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2814760 2011-07-15] (Synaptics Incorporated)</p><p>HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-08-16] (IDT, Inc.)</p><p>HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp</p><p>HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)</p><p>HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-02] (Hewlett-Packard Company)</p><p>HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)</p><p>HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"</p><p>HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)</p><p>HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe 
[421888 2014-01-17] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)</p><p>HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)</p><p>HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [HP ENVY 110 series (NET)] => C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-19] (Hewlett-Packard Co.)</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [TivoServer] => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [TivoTransfer] => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [TivoNotify] => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [TranscodingService] => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax 
Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)</p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [GoogleChromeAutoLaunch_520DFFCEC26609FEBA3C6B9D2A50E1C1] => "C:\Users\Nadeige\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window</p><p>Startup: C:\Users\Nadeige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk</p><p>ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)</p><p>Startup: C:\Users\Nadeige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 110 series (Network).lnk</p><p>ShortcutTarget: Monitor Ink Alerts - HP ENVY 110 series (Network).lnk -> C:\Program Files\HP\HP ENVY 110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)</p><p>ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)</p><p>ShellIconOverlayIdentifiers: [OverlayPending] -> 
{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)</p><p>ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = </p><p>SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = <a href="https://www.google.com/search?q={searchTerms}" target="_blank">https://www.google.com/search?q={searchTerms}</a></p><p>BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)</p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File</p><p>BHO: Skype Click to Call for Internet 
Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)</p><p>BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</p><p>BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)</p><p>BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)</p><p>Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files 
(x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>DPF: HKLM-x32 {D9CDEFE3-51BB-4737-A12C-53D9814A148C} <a href="https://mail.nyumc.org/ecp/MWScripts/Attachview/2.0/DAX.cab" target="_blank">https://mail.nyumc.org/ecp/MWScripts/Attachview/2.0/DAX.cab</a></p><p>DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Nadeige\AppData\Local\Temp\f5tmp\urxhost.cab</p><p>DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} <a href="https://nyuremote.nyumc.org/dana-cached/sc/JuniperSetupClient.cab" target="_blank">https://nyuremote.nyumc.org/dana-cached/sc/JuniperSetupClient.cab</a></p><p>Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)</p><p>Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)</p><p>Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, 
Inc.)</p><p>Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll 
( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:quickprint@hp.com">quickprint@hp.com</a>] - C:\Program Files 
(x86)\Hewlett-Packard\SmartPrint\QPExtension</p><p>FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-03-10]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn</p><p>FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn [2015-02-23]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF</p><p>FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014-08-20]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()</p><p>CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer</p><p>CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File</p><p>CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()</p><p>CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)</p><p>CHR Plugin: 
(Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)</p><p>CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File</p><p>CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File</p><p>CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File</p><p>CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File</p><p>CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File</p><p>CHR Profile: C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]</p><p>CHR Extension: (Website Logon) - C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2013-06-03]</p><p>CHR Extension: (Google Wallet) - C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]</p><p>CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - <a href="https://clients2.google.com/service/update2/crx" target="_blank">https://clients2.google.com/service/update2/crx</a></p><p>CHR HKLM\...\Chrome\Extension: 
[mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]</p><p>CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]</p><p>CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - <a href="https://clients2.google.com/service/update2/crx" target="_blank">https://clients2.google.com/service/update2/crx</a></p><p>CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)</p><p>S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)</p><p>S2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)</p><p>S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) 
[File not signed]</p><p>S2 ISCTAgent; C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [93696 2011-09-06] ()</p><p>S2 itsvc_1.10.0.9; C:\Program Files (x86)\IntelliTerm_1.10.0.9\Service\itsvc.exe [278608 2015-02-06] (Intelli Term)</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()</p><p>S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)</p><p>S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)</p><p>S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)</p><p>S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-13] (Enigma Software Group USA, LLC.)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)</p><p>S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S3 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)</p><p>S3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)</p><p>S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-11] (Symantec Corporation)</p><p>S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-02-11] (Symantec Corporation)</p><p>S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-13] ()</p><p>S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [18992 2013-02-13] (F5 Networks, Inc.)</p><p>S3 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20150210.001\IDSvia64.sys [669400 2015-02-10] (Symantec Corporation)</p><p>R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2011-09-06] ()</p><p>S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20150210.038\ENG64.SYS [129752 2015-02-11] (Symantec Corporation)</p><p>S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20150210.038\EX64.SYS [2137304 2015-02-11] (Symantec Corporation)</p><p>S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)</p><p>S3 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)</p><p>S3 SymDS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)</p><p>S3 SymEFA; C:\Windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)</p><p>S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-31] (Symantec Corporation)</p><p>S3 SymIRON; 
C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)</p><p>S3 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)</p><p>U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [37624 2015-02-12] ()</p><p>R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [45776 2012-04-05] (F5 Networks, Inc.)</p><p>S1 itnfd_1_10_0_9; system32\drivers\itnfd_1_10_0_9.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-02-23 15:47 - 2015-02-23 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>2015-02-23 15:45 - 2015-02-23 17:25 - 00000000 ____D () C:\Users\Nadeige\Desktop\mbar</p><p>2015-02-23 15:44 - 2015-02-23 15:44 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\Nadeige\Downloads\mbar-1.09.1.1004.exe</p><p>2015-02-23 15:23 - 2015-02-23 15:32 - 00000000 ____D () C:\Program Files (x86)\ShowMyPCService</p><p>2015-02-23 13:37 - 2015-02-23 13:37 - 00000000 ____D () C:\Users\Nadeige\Downloads\FRST-OlderVersion</p><p>2015-02-23 13:31 - 2015-02-23 13:31 - 00001051 _____ () C:\Users\Nadeige\Desktop\AdwCleaner[S2].txt</p><p>2015-02-23 13:29 - 2015-02-23 13:31 - 00000986 _____ () C:\Users\Nadeige\Desktop\AdwCleaner[R2].txt</p><p>2015-02-23 13:26 - 2015-02-23 13:26 - 02126848 _____ () C:\Users\Nadeige\Downloads\AdwCleaner.exe</p><p>2015-02-20 17:01 - 2015-02-20 17:01 - 00000402 _____ () C:\Windows\Tasks\{18EEC0B1-BC3E-4855-B6A6-2D63CAB8EBCB}.job</p><p>2015-02-13 23:04 - 2015-02-23 13:34 - 00000000 ____D () C:\AdwCleaner</p><p>2015-02-13 23:02 - 2015-02-13 23:02 - 00002261 _____ () C:\Users\Nadeige\Desktop\Binkiland.lnk</p><p>2015-02-13 23:01 - 2015-02-13 23:01 - 00701824 _____ (Generic Application ) C:\Users\Nadeige\Downloads\AdwCleaner Setup.exe</p><p>2015-02-13 23:01 - 2015-02-13 23:01 - 00000000 ____D () C:\Users\Nadeige\AppData\Roaming\0D1T1C2W1P1G0D0L0M</p><p>2015-02-13 23:01 - 2015-02-13 23:01 - 00000000 ____D () C:\Program Files (x86)\IntelliTerm_1.10.0.9</p><p>2015-02-13 21:32 - 2015-02-13 21:32 - 00001317 _____ () C:\Users\Nadeige\Desktop\FAX_20150211_1423685803_170 - Shortcut.lnk</p><p>2015-02-13 20:44 - 2015-02-13 20:44 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys</p><p>2015-02-13 20:43 - 2015-02-13 20:43 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Nadeige\Downloads\SpyHunter-Installer (2).exe</p><p>2015-02-13 20:41 - 2015-02-13 20:41 - 03044736 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Nadeige\Downloads\SpyHunter-Installer (1).exe</p><p>2015-02-13 14:49 - 2015-02-13 20:45 - 00001087 _____ () C:\Users\Nadeige\Desktop\SpyHunter.lnk</p><p>2015-02-13 14:49 - 2015-02-13 20:45 - 00000000 ____D () C:\Users\Nadeige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter</p><p>2015-02-13 14:49 - 2015-02-13 20:44 - 00000000 ____D () C:\Program Files\Enigma Software Group</p><p>2015-02-13 14:49 - 2015-02-13 14:49 - 00000000 ____D () C:\Users\Nadeige\AppData\Roaming\Enigma Software Group</p><p>2015-02-13 14:49 - 2015-02-13 14:49 - 00000000 ____D () C:\sh4ldr</p><p>2015-02-13 14:48 - 2015-02-13 14:48 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Nadeige\Downloads\SpyHunter-Installer.exe</p><p>2015-02-13 14:09 - 2015-02-13 14:09 - 00031399 _____ () C:\Users\Nadeige\Downloads\Addition.txt</p><p>2015-02-13 14:08 - 2015-02-23 17:27 - 00025094 _____ () C:\Users\Nadeige\Downloads\FRST.txt</p><p>2015-02-13 14:07 - 2015-02-23 17:26 - 00000000 ____D () C:\FRST</p><p>2015-02-13 14:06 - 2015-02-23 13:37 - 02087424 _____ (Farbar) C:\Users\Nadeige\Downloads\FRST64.exe</p><p>2015-02-13 10:37 - 2015-02-13 10:37 - 00000324 _____ () C:\Windows\Tasks\hpUrlLauncher.exe_{85576A96-665F-4A2E-B47A-750C3D7219E8}.job</p><p>2015-02-13 10:36 - 2015-02-13 10:36 - 00000400 _____ () C:\Windows\Tasks\ScanToPCActivationApp.exe_{77F015E9-4B86-4AEA-8D46-E785DBA38E10}.job</p><p>2015-02-13 10:36 - 2015-02-13 10:36 - 00000278 _____ () C:\Windows\Tasks\Toolbox.exe_{1FBFC67F-68B7-4DD0-995A-C45BDBB658BD}.job</p><p>2015-02-13 10:36 - 2015-02-13 10:36 - 00000240 _____ () C:\Windows\Tasks\WOWPrint.exe_{9E0B9DB1-C8B6-428D-BC72-458BAF6B7FB3}.job</p><p>2015-02-13 10:34 - 2015-02-13 10:35 - 00000000 ____D () C:\Users\Nadeige\AppData\Local\{35094088-1D34-47A1-BD63-8675FDED8F58}</p><p>2015-02-12 14:37 - 2015-02-12 14:37 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys</p><p>2015-02-12 14:37 - 2015-02-12 14:37 - 00000000 ____D () 
C:\ProgramData\RogueKiller</p><p>2015-02-12 14:36 - 2015-02-12 14:37 - 18570328 _____ () C:\Users\Nadeige\Downloads\RogueKillerX64.exe</p><p>2015-02-12 14:31 - 2015-02-12 14:31 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe</p><p>2015-02-12 14:15 - 2015-02-12 14:15 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2015-02-12 14:15 - 2015-02-12 14:15 - 00001897 _____ () C:\ProgramData\Desktop\HitmanPro.lnk</p><p>2015-02-12 14:15 - 2015-02-12 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2015-02-12 14:15 - 2015-02-12 14:15 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2015-02-12 14:14 - 2015-02-12 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2015-02-12 14:14 - 2015-02-12 14:14 - 11227888 _____ (SurfRight B.V.) C:\Users\Nadeige\Downloads\HitmanPro_x64.exe</p><p>2015-02-12 14:13 - 2015-02-12 14:14 - 10288040 _____ (SurfRight B.V.) C:\Users\Nadeige\Downloads\HitmanPro.exe</p><p>2015-02-12 12:57 - 2015-02-12 12:59 - 00002956 _____ () C:\Users\Nadeige\Desktop\Rkill.txt</p><p>2015-02-12 12:57 - 2015-02-12 12:57 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Nadeige\Downloads\iExplore.exe</p><p>2015-02-12 12:48 - 2015-02-12 12:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Nadeige\Downloads\tdsskiller.exe</p><p>2015-02-12 10:04 - 2015-02-23 15:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-02-12 10:03 - 2015-02-23 15:46 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2015-02-12 10:03 - 2015-02-12 10:03 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2015-02-12 10:03 - 2015-02-12 10:03 - 00001066 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2015-02-12 10:03 - 2015-02-12 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2015-02-12 10:03 - 2015-02-12 
10:03 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2015-02-12 10:03 - 2015-02-12 10:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2015-02-12 10:03 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2015-02-12 10:03 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys</p><p>2015-02-11 18:10 - 2015-02-11 18:10 - 00003478 _____ () C:\Users\Nadeige\Documents\eFaxInstall.log</p><p>2015-01-28 08:45 - 2015-01-28 08:45 - 00009899 _____ () C:\Users\Nadeige\Downloads\Sleep Log.xlsx</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-02-23 17:04 - 2014-12-19 11:23 - 00007214 _____ () C:\Windows\PFRO.log</p><p>2015-02-23 17:03 - 2014-12-16 20:59 - 00601241 _____ () C:\Windows\WindowsUpdate.log</p><p>2015-02-23 17:03 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-02-23 17:03 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-02-23 17:01 - 2012-03-10 20:31 - 00000260 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job</p><p>2015-02-23 17:00 - 2012-11-12 21:22 - 00000000 ____D () C:\Users\Nadeige\AppData\Local\Google</p><p>2015-02-23 17:00 - 2009-07-14 00:13 - 00006514 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2015-02-23 16:59 - 2013-02-28 15:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-02-23 16:58 - 2012-05-02 13:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2015-02-23 16:57 - 2014-12-19 17:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2015-02-23 16:57 - 2014-12-19 17:19 - 
00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-02-23 16:57 - 2014-12-19 17:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2015-02-23 16:55 - 2013-02-28 15:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-02-23 16:54 - 2014-12-19 11:24 - 00001120 _____ () C:\Windows\setupact.log</p><p>2015-02-23 16:54 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2015-02-23 14:23 - 2012-03-10 14:41 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{203089BB-DFE6-45B5-B81A-3E09D17A0FE3}</p><p>2015-02-20 18:59 - 2012-11-10 15:36 - 00000000 ____D () C:\Users\Nadeige\AppData\Roaming\Skype</p><p>2015-02-20 17:01 - 2011-10-13 13:32 - 00000000 ____D () C:\ProgramData\Skype</p><p>2015-02-13 10:48 - 2013-09-04 20:36 - 00000000 ____D () C:\Users\Nadeige\Documents\eFax Messenger 4.4</p><p>2015-02-13 10:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF</p><p>2015-02-13 10:34 - 2013-01-07 16:35 - 00000000 ____D () C:\Users\Nadeige\AppData\Local\Windows Live Writer</p><p>2015-02-13 10:31 - 2014-09-04 13:50 - 00000228 _____ () C:\Users\Nadeige\Desktop\My Account.url</p><p>2015-02-11 17:10 - 2012-03-10 20:30 - 00000000 ____D () C:\Users\Nadeige\AppData\Roaming\HpUpdate</p><p>2015-02-11 12:10 - 2015-01-15 14:41 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2015-02-11 12:10 - 2015-01-15 14:41 - 00002143 _____ () C:\ProgramData\Desktop\Google Chrome.lnk</p><p>2015-02-11 12:01 - 2013-02-28 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive</p><p>2015-02-11 11:54 - 2013-02-28 15:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2015-02-11 11:54 - 2013-02-28 15:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2015-02-11 11:54 - 2012-11-12 21:22 - 00003494 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294830945-2644369361-1329188904-1000Core</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\Windows\Tasks\{18EEC0B1-BC3E-4855-B6A6-2D63CAB8EBCB}.job</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-02-11 13:05</p><p></p><p>==================== End Of Log ============================</p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015</p><p>Ran by Nadeige at 2015-02-23 17:28:00</p><p>Running from C:\Users\Nadeige\Downloads</p><p>Boot Mode: Safe Mode (with Networking)</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}</p><p>AS: Norton 
360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)</p><p>Adobe Reader X (10.1.2) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)</p><p>Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)</p><p>AdwCleaner 2015 Packages (HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\AdwCleaner 2015 Packages) (Version: - ) <==== ATTENTION</p><p>Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) 
Hidden</p><p>AuthenTec WinBio FingerPrint Software (HKLM\...\{4BDCF60D-EAAB-4595-B571-283F529F6AFA}) (Version: 3.2.2.1072 - AuthenTec, Inc.)</p><p>BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2013.0709.2040 - F5 Networks, Inc.)</p><p>Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)</p><p>Binkiland (HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Binkiland) (Version: 31.0.1650.23 - Binkiland) <==== ATTENTION!</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)</p><p>CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4422 - CyberLink Corp.)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)</p><p>ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)</p><p>Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)</p><p>Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)</p><p>Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden</p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden</p><p>Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.236 - SurfRight B.V.)</p><p>HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)</p><p>HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)</p><p>HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)</p><p>HP Documentation (HKLM-x32\...\{D25BAEFB-2216-4757-90FF-0007635BE7A1}) (Version: 1.1.1.0 - Hewlett-Packard)</p><p>HP ENVY 110 series Basic Device Software (HKLM\...\{9EDA8125-D287-4AD1-BE32-6B105A275645}) (Version: 25.0.622.0 - Hewlett-Packard Co.)</p><p>HP ENVY 110 series Help (HKLM-x32\...\{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}) (Version: 140.0.2.2 - Hewlett Packard)</p><p>HP ENVY 110 series Product Improvement Study (HKLM\...\{3C7D695E-E2A7-4876-9CCB-B38AB87EE904}) (Version: 25.0.622.0 - Hewlett-Packard Co.)</p><p>HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)</p><p>HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)</p><p>HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)</p><p>HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)</p><p>HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)</p><p>HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)</p><p>HP QuickWeb (HKLM-x32\...\{D6159AEF-32BD-4177-82AE-5ED1F0F0DC1D}) (Version: 3.1.1.10066 - Hewlett-Packard Company)</p><p>HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)</p><p>HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 
8.7.4751.3798 - Hewlett-Packard Company)</p><p>HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)</p><p>HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)</p><p>HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)</p><p>HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)</p><p>HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden</p><p>Hyland Web ActiveX Controls (HKLM-x32\...\{1260D0FF-57A1-4F34-9864-46C4B9023DAC}) (Version: 12.0.022 - Hyland Software)</p><p>iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)</p><p>IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6359.0 - IDT)</p><p>Intel(R) Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)</p><p>Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)</p><p>Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.2.1001 - Intel Corporation)</p><p>Intel(R) Smart Connect Technology 1.0 (HKLM-x32\...\{0A918A9E-74F2-41CB-969F-FB0CB9A51DD8}) (Version: 1.0.698.0 - Intel)</p><p>Intel(R) WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 
2.1.42.0 - Intel Corporation)</p><p>Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )</p><p>Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0903 - Intel Corporation)</p><p>Intelli Term 1.10.0.9 (HKLM-x32\...\IntelliTerm_1.10.0.9) (Version: 1.10.0.9 - Intelli Term)</p><p>iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)</p><p>Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)</p><p>Juniper Networks Network Connect 6.5.0 (HKLM-x32\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.16339 - Juniper Networks)</p><p>Juniper Networks Setup Client (HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Juniper_Setup_Client) (Version: 2.1.4.7717 - Juniper Networks)</p><p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)</p><p>Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Messageware AttachView Add-in for Saving Files x64 (HKLM-x32\...\MWAREDATT) (Version: - )</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft 
Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)</p><p>Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden</p><p>PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)</p><p>QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)</p><p>Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)</p><p>Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)</p><p>Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)</p><p>Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden</p><p>Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)</p><p>Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) 
Hidden</p><p>Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)</p><p>Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)</p><p>SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)</p><p>swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden</p><p>Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.16.1 - Synaptics Incorporated)</p><p>TiVo Desktop 2.8.3 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.370 - TiVo Inc.)</p><p>VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)</p><p>Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Nadeige\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nadeige\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nadeige\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Nadeige\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nadeige\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File</p><p></p><p>==================== Restore Points =========================</p><p></p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2013-06-03 21:32 - 2013-11-07 15:29 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {0706B651-C48B-4B21-8BF3-78D5C91851B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294830945-2644369361-1329188904-1000Core => C:\Users\Nadeige\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: {1020CFFD-3D0D-4D65-AA78-2C98874EAD33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.)</p><p>Task: {1CAAA4A9-A3E6-48F6-BF53-BA8C6E8FD079} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3294830945-2644369361-1329188904-1000</p><p>Task: {2DB891B0-FAAE-48D8-800C-F8254E128C22} - System32\Tasks\Nadeige Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)</p><p>Task: {3132D859-090A-41C7-815B-9F897CA867C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe</p><p>Task: {3DB1B43C-06E9-439B-AF7B-B275BB953F3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-23] (Adobe Systems Incorporated)</p><p>Task: {4B0FD2AC-C8C0-4099-90C5-361083D667AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.)</p><p>Task: {4B7F94BD-0B6C-4310-A799-84829F39C686} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)</p><p>Task: {4F5E158F-325D-4B61-B1D5-E8BC66827B68} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()</p><p>Task: {5089F1AE-5755-4F5F-9C7C-17EF9832CA6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {578EF451-F3CA-4A39-8EA9-2D10236EA2C6} 
- System32\Tasks\Nadeige DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-04-30] (Seagate Technology LLC)</p><p>Task: {603F8EEC-35C2-484F-854F-33FEE7CC269C} - System32\Tasks\Nadeige => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)</p><p>Task: {704D6ADA-148B-459F-B8C1-3AD8CDA617E2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink)</p><p>Task: {72201A15-4B10-4C4D-937C-87A71631ED6C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe</p><p>Task: {9316CDA8-BBA5-473A-A397-53DFFBD54BEA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc</p><p>Task: {94CDAF49-F2EB-491B-8AD6-7A145998AD36} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-05-13] (Microsoft)</p><p>Task: {9C9F5BC9-1AFC-4BEA-A9C2-27D3532FA147} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)</p><p>Task: {E140983B-2EB3-48FA-8443-2ED9C16587B8} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)</p><p>Task: {E96CDAF5-FD5E-49A0-8DF4-440FD7FC3498} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)</p><p>Task: {FA2A317E-BDDD-4C4D-9046-A7517499ECF1} - System32\Tasks\HPCustParticipation HP ENVY 110 series => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe [2011-09-19] (Hewlett-Packard Co.)</p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe</p><p>Task: C:\Windows\Tasks\hpUrlLauncher.exe_{85576A96-665F-4A2E-B47A-750C3D7219E8}.job => C:\Program Files\HP\HP ENVY 110 series\Bin\utils\hpUrlLauncher.exe(<a href="https://h30495.www3.hp.com" target="_blank">https://h30495.www3.hp.com</a></p><p>Task: C:\Windows\Tasks\ScanToPCActivationApp.exe_{77F015E9-4B86-4AEA-8D46-E785DBA38E10}.job => C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe</p><p>Task: C:\Windows\Tasks\Toolbox.exe_{1FBFC67F-68B7-4DD0-995A-C45BDBB658BD}.job => C:\Program Files\HP\HP ENVY 110 series\Bin\Toolbox.exe</p><p>Task: C:\Windows\Tasks\WOWPrint.exe_{9E0B9DB1-C8B6-428D-BC72-458BAF6B7FB3}.job => C:\Program Files\HP\HP ENVY 110 series\Bin\WOWPrint.exe</p><p>Task: C:\Windows\Tasks\{18EEC0B1-BC3E-4855-B6A6-2D63CAB8EBCB}.job => c:\users\nadeige\appdata\local\binkiland\application\binkiland.exeLhttp://ui.skype.com/ui/0/7.1.60.105/en/go/help.faq.ins</p><p></p><p>==================== Loaded Modules (whitelisted) ==============</p><p></p><p>2015-01-26 01:22 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll</p><p>2015-01-26 01:22 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll</p><p>2015-02-11 12:10 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the 
registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"</p><p></p><p>==================== EXE Association (whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nadeige\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg</p><p>DNS Servers: 192.168.1.1</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-3294830945-2644369361-1329188904-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-3294830945-2644369361-1329188904-501 - Limited - Enabled) => C:\Users\Guest</p><p>HomeGroupUser$ (S-1-5-21-3294830945-2644369361-1329188904-1002 - Limited - Enabled)</p><p>Jackie (S-1-5-21-3294830945-2644369361-1329188904-1004 - Limited - Enabled) => C:\Users\Jackie</p><p>Nadeige (S-1-5-21-3294830945-2644369361-1329188904-1000 - Administrator - Enabled) => C:\Users\Nadeige</p><p>Stephen (S-1-5-21-3294830945-2644369361-1329188904-1003 - Limited - Enabled) => C:\Users\Stephen</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: 
itnfd_1_10_0_9</p><p>Description: itnfd_1_10_0_9</p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p>Manufacturer: </p><p>Service: itnfd_1_10_0_9</p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p>Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.</p><p>Devices stay in this state if they have been prepared for removal.</p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p>Name: Security Processor Loader Driver</p><p>Description: Security Processor Loader Driver</p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p>Manufacturer: </p><p>Service: spldr</p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p>Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.</p><p>Devices stay in this state if they have been prepared for removal.</p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (02/23/2015 05:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (02/23/2015 05:00:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)</p><p>Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. 
The first DWORD in the Data section contains the error code.</p><p></p><p>Error: (02/23/2015 05:00:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)</p><p>Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.</p><p></p><p>Error: (02/23/2015 04:54:24 PM) (Source: itsvc_1.10.0.9) (EventID: 0) (User: )</p><p>Description: itsvc_1.10.0.9Intelli Term Client Service failed to connect to driver</p><p></p><p>Error: (02/23/2015 04:54:19 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (02/23/2015 04:54:13 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver</p><p></p><p>Error: (02/23/2015 04:54:13 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103</p><p></p><p>Error: (02/23/2015 04:53:26 PM) (Source: System Restore) (EventID: 8193) (User: )</p><p>Description: Failed to create restore point (Process = C:\Users\Nadeige\Desktop\mbar\mbar.exe "C:\Users\Nadeige\Desktop\mbar" ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).</p><p></p><p>Error: (02/23/2015 04:53:26 PM) (Source: System Restore) (EventID: 8193) (User: )</p><p>Description: Failed to create restore point (Process = C:\Users\Nadeige\Desktop\mbar\mbar.exe "C:\Users\Nadeige\Desktop\mbar" ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).</p><p></p><p>Error: (02/23/2015 
03:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (02/23/2015 05:28:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (02/23/2015 05:28:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (02/23/2015 05:28:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (02/23/2015 05:28:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (02/23/2015 05:28:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (02/23/2015 05:28:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (02/23/2015 05:26:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the 
following error: </p><p>%%1068</p><p></p><p>Error: (02/23/2015 05:26:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (02/23/2015 05:26:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (02/23/2015 05:25:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (02/23/2015 05:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (02/23/2015 05:00:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)</p><p>Description: WmiApRplWmiApRpl8F20300004D070000</p><p></p><p>Error: (02/23/2015 05:00:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)</p><p>Description: Performance1637070000000000000000000009030000</p><p></p><p>Error: (02/23/2015 04:54:24 PM) (Source: itsvc_1.10.0.9) (EventID: 0) (User: )</p><p>Description: itsvc_1.10.0.9Intelli Term Client Service failed to connect to driver</p><p></p><p>Error: (02/23/2015 04:54:19 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (02/23/2015 04:54:13 PM) (Source: ISCT Agent) (EventID: 1003) 
(User: )</p><p>Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver</p><p></p><p>Error: (02/23/2015 04:54:13 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103</p><p></p><p>Error: (02/23/2015 04:53:26 PM) (Source: System Restore) (EventID: 8193) (User: )</p><p>Description: C:\Users\Nadeige\Desktop\mbar\mbar.exe "C:\Users\Nadeige\Desktop\mbar" Malwarebytes Anti-Rootkit Restore Point0x8007043c</p><p></p><p>Error: (02/23/2015 04:53:26 PM) (Source: System Restore) (EventID: 8193) (User: )</p><p>Description: C:\Users\Nadeige\Desktop\mbar\mbar.exe "C:\Users\Nadeige\Desktop\mbar" Malwarebytes Anti-Rootkit Restore Point0x8007043c</p><p></p><p>Error: (02/23/2015 03:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz</p><p>Percentage of memory in use: 13%</p><p>Total physical RAM: 8139.81 MB</p><p>Available physical RAM: 7058.64 MB</p><p>Total Pagefile: 16277.8 MB</p><p>Available Pagefile: 15199.86 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.84 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:677.62 GB) (Free:551.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive d: (Recovery) (Fixed) (Total:16.85 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.09 GB) FAT32</p><p></p><p>==================== MBR & Partition Table 
==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 99E03F5A)</p><p>Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=677.6 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)</p><p>Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)</p><p></p><p>==================== End Of Log ============================</p><p></p><p>Any additional suggestions?</p></blockquote><p></p>
[QUOTE="Nasage, post: 353121, member: 34148"] Ran the 2 tools. 1 malware detected by Malwarebytes anti-rootkit tool. Restarted computer in normal mode, but still unable to access internet. Tried to open chrome but received message stating couldn't find page. Tried to search for google, but then received message stating could not access network. Still able to access internet in safe mode with networking. Here are the logs: Malwarebytes Anti-Rootkit BETA 1.09.1.1004 [URL="http://www.malwarebytes.org"]www.malwarebytes.org[/URL] Database version: main: v2015.02.23.07 rootkit: v2015.02.22.01 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 11.0.9600.17501 Nadeige :: NADEIGE-HP [administrator] 2/23/2015 3:47:34 PM mbar-log-2015-02-23 (15-47-34).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 476556 Time elapsed: 45 minute(s), 20 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\WINDOWS\SYSTEM32\drivers\itnfd_1_10_0_9.sys (PUP.Optional.IntelliTerm.A) -> Delete on reboot. 
[bb582289d17dab6c47a57f15e1134e8f] Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.1.1004 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 11.0.9600.17501 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.494000 GHz Memory total: 8535212032, free: 7378268160 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.1.1004 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 11.0.9600.17501 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.494000 GHz Memory total: 8535212032, free: 7398158336 Downloaded database version: v2015.02.23.07 Downloaded database version: v2015.02.22.01 Downloaded database version: v2014.12.06.01 ======================================= Initializing... 
------------ Kernel report ------------ 02/23/2015 15:47:22 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\iaStor.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\wd.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\system32\DRIVERS\hpdskflt.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS 
\SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\itnfd_1_10_0_9.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\Netwsw00.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\nusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\ISCTD64.sys \SystemRoot\system32\DRIVERS\Accelerometer.sys \SystemRoot\system32\drivers\blbdrive.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\dsNcAdpt.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\covpnv64.sys \SystemRoot\system32\drivers\termdd.sys 
\SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\iwdbus.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\nusb3hub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\framebuf.dll \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\ws2_32.dll \Windows\System32\shlwapi.dll \Windows\System32\urlmon.dll \Windows\System32\comdlg32.dll \Windows\System32\shell32.dll \Windows\System32\clbcatq.dll \Windows\System32\msvcrt.dll \Windows\System32\advapi32.dll \Windows\System32\ole32.dll \Windows\System32\lpk.dll \Windows\System32\user32.dll \Windows\System32\imm32.dll \Windows\System32\oleaut32.dll \Windows\System32\nsi.dll \Windows\System32\psapi.dll \Windows\System32\sechost.dll \Windows\System32\rpcrt4.dll \Windows\System32\imagehlp.dll \Windows\System32\kernel32.dll \Windows\System32\difxapi.dll \Windows\System32\Wldap32.dll \Windows\System32\msctf.dll \Windows\System32\wininet.dll \Windows\System32\iertutil.dll \Windows\System32\usp10.dll 
\Windows\System32\normaliz.dll \Windows\System32\setupapi.dll \Windows\System32\gdi32.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\userenv.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\comctl32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\profapi.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! Scan started Database versions: main: v2015.02.23.07 rootkit: v2015.02.22.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800a306060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a306b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800a306060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800a159b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\ DevicePointer: 0xfffffa8007e1d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... 
File C:\WINDOWS\SYSTEM32\drivers\itnfd_1_10_0_9.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\itnfd_1_10_0_9.sys --> [PUP.Optional.IntelliTerm.A]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 99E03F5A

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 1421078528

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1421488128 Numsec = 35338240

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 1456826368 Numsec = 8318976

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Nadeige (administrator) on NADEIGE-HP on 23-02-2015 17:26:37
Running from C:\Users\Nadeige\Downloads
Loaded Profiles: Nadeige (Available profiles: Nadeige & Stephen & Jackie & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Users\Nadeige\AppData\Local\Binkiland\Application\Binkiland.exe" -- "%1")
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2814760 2011-07-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-08-16] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [HP ENVY 110 series (NET)] => C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-19] (Hewlett-Packard Co.)
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [TivoServer] => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [TivoTransfer] => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [TivoNotify] => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [TranscodingService] => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Run: [GoogleChromeAutoLaunch_520DFFCEC26609FEBA3C6B9D2A50E1C1] => "C:\Users\Nadeige\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window
Startup: C:\Users\Nadeige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Users\Nadeige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 110 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP ENVY 110 series (Network).lnk -> C:\Program Files\HP\HP ENVY 110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {D9CDEFE3-51BB-4737-A12C-53D9814A148C} https://mail.nyumc.org/ecp/MWScripts/Attachview/2.0/DAX.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Nadeige\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://nyuremote.nyumc.org/dana-cached/sc/JuniperSetupClient.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn [2015-02-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014-08-20]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (Website Logon) - C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2013-06-03]
CHR Extension: (Google Wallet) - C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
S2 ISCTAgent; C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [93696 2011-09-06] ()
S2 itsvc_1.10.0.9; C:\Program Files (x86)\IntelliTerm_1.10.0.9\Service\itsvc.exe [278608 2015-02-06] (Intelli Term)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-13] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
S3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-02-11] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-13] ()
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [18992 2013-02-13] (F5 Networks, Inc.)
S3 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20150210.001\IDSvia64.sys [669400 2015-02-10] (Symantec Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2011-09-06] ()
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20150210.038\ENG64.SYS [129752 2015-02-11] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20150210.038\EX64.SYS [2137304 2015-02-11] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-31] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [37624 2015-02-12] ()
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [45776 2012-04-05] (F5 Networks, Inc.)
S1 itnfd_1_10_0_9; system32\drivers\itnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 15:47 - 2015-02-23 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-23 15:45 - 2015-02-23 17:25 - 00000000 ____D () C:\Users\Nadeige\Desktop\mbar
2015-02-23 15:44 - 2015-02-23 15:44 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nadeige\Downloads\mbar-1.09.1.1004.exe
2015-02-23 15:23 - 2015-02-23 15:32 - 00000000 ____D () C:\Program Files (x86)\ShowMyPCService
2015-02-23 13:37 - 2015-02-23 13:37 - 00000000 ____D () C:\Users\Nadeige\Downloads\FRST-OlderVersion
2015-02-23 13:31 - 2015-02-23 13:31 - 00001051 _____ () C:\Users\Nadeige\Desktop\AdwCleaner[S2].txt
2015-02-23 13:29 - 2015-02-23 13:31 - 00000986 _____ () C:\Users\Nadeige\Desktop\AdwCleaner[R2].txt
2015-02-23 13:26 - 2015-02-23 13:26 - 02126848 _____ () C:\Users\Nadeige\Downloads\AdwCleaner.exe
2015-02-20 17:01 - 2015-02-20 17:01 - 00000402 _____ () C:\Windows\Tasks\{18EEC0B1-BC3E-4855-B6A6-2D63CAB8EBCB}.job
2015-02-13 23:04 - 2015-02-23 13:34 - 00000000 ____D () C:\AdwCleaner
2015-02-13 23:02 - 2015-02-13 23:02 - 00002261 _____ () C:\Users\Nadeige\Desktop\Binkiland.lnk
2015-02-13 23:01 - 2015-02-13 23:01 - 00701824 _____ (Generic Application ) C:\Users\Nadeige\Downloads\AdwCleaner Setup.exe
2015-02-13 23:01 - 2015-02-13 23:01 - 00000000 ____D () C:\Users\Nadeige\AppData\Roaming\0D1T1C2W1P1G0D0L0M
2015-02-13 23:01 - 2015-02-13 23:01 - 00000000 ____D () C:\Program Files (x86)\IntelliTerm_1.10.0.9
2015-02-13 21:32 - 2015-02-13 21:32 - 00001317 _____ () C:\Users\Nadeige\Desktop\FAX_20150211_1423685803_170 - Shortcut.lnk
2015-02-13 20:44 - 2015-02-13 20:44 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-13 20:43 - 2015-02-13 20:43 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Nadeige\Downloads\SpyHunter-Installer (2).exe
2015-02-13 20:41 - 2015-02-13 20:41 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Nadeige\Downloads\SpyHunter-Installer (1).exe
2015-02-13 14:49 - 2015-02-13 20:45 - 00001087 _____ () C:\Users\Nadeige\Desktop\SpyHunter.lnk
2015-02-13 14:49 - 2015-02-13 20:45 - 00000000 ____D () C:\Users\Nadeige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-02-13 14:49 - 2015-02-13 20:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-13 14:49 - 2015-02-13 14:49 - 00000000 ____D () C:\Users\Nadeige\AppData\Roaming\Enigma Software Group
2015-02-13 14:49 - 2015-02-13 14:49 - 00000000 ____D () C:\sh4ldr
2015-02-13 14:48 - 2015-02-13 14:48 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Nadeige\Downloads\SpyHunter-Installer.exe
2015-02-13 14:09 - 2015-02-13 14:09 - 00031399 _____ () C:\Users\Nadeige\Downloads\Addition.txt
2015-02-13 14:08 - 2015-02-23 17:27 - 00025094 _____ () C:\Users\Nadeige\Downloads\FRST.txt
2015-02-13 14:07 - 2015-02-23 17:26 - 00000000 ____D () C:\FRST
2015-02-13 14:06 - 2015-02-23 13:37 - 02087424 _____ (Farbar) C:\Users\Nadeige\Downloads\FRST64.exe
2015-02-13 10:37 - 2015-02-13 10:37 - 00000324 _____ () C:\Windows\Tasks\hpUrlLauncher.exe_{85576A96-665F-4A2E-B47A-750C3D7219E8}.job
2015-02-13 10:36 - 2015-02-13 10:36 - 00000400 _____ () C:\Windows\Tasks\ScanToPCActivationApp.exe_{77F015E9-4B86-4AEA-8D46-E785DBA38E10}.job
2015-02-13 10:36 - 2015-02-13 10:36 - 00000278 _____ () C:\Windows\Tasks\Toolbox.exe_{1FBFC67F-68B7-4DD0-995A-C45BDBB658BD}.job
2015-02-13 10:36 - 2015-02-13 10:36 - 00000240 _____ () C:\Windows\Tasks\WOWPrint.exe_{9E0B9DB1-C8B6-428D-BC72-458BAF6B7FB3}.job
2015-02-13 10:34 - 2015-02-13 10:35 - 00000000 ____D () C:\Users\Nadeige\AppData\Local\{35094088-1D34-47A1-BD63-8675FDED8F58}
2015-02-12 14:37 - 2015-02-12 14:37 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-12 14:37 - 2015-02-12 14:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-12 14:36 - 2015-02-12 14:37 - 18570328 _____ () C:\Users\Nadeige\Downloads\RogueKillerX64.exe
2015-02-12 14:31 - 2015-02-12 14:31 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-02-12 14:15 - 2015-02-12 14:15 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-12 14:15 - 2015-02-12 14:15 - 00001897 _____ () C:\ProgramData\Desktop\HitmanPro.lnk
2015-02-12 14:15 - 2015-02-12 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-12 14:15 - 2015-02-12 14:15 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-12 14:14 - 2015-02-12 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-12 14:14 - 2015-02-12 14:14 - 11227888 _____ (SurfRight B.V.) C:\Users\Nadeige\Downloads\HitmanPro_x64.exe
2015-02-12 14:13 - 2015-02-12 14:14 - 10288040 _____ (SurfRight B.V.) C:\Users\Nadeige\Downloads\HitmanPro.exe
2015-02-12 12:57 - 2015-02-12 12:59 - 00002956 _____ () C:\Users\Nadeige\Desktop\Rkill.txt
2015-02-12 12:57 - 2015-02-12 12:57 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Nadeige\Downloads\iExplore.exe
2015-02-12 12:48 - 2015-02-12 12:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Nadeige\Downloads\tdsskiller.exe
2015-02-12 10:04 - 2015-02-23 15:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 10:03 - 2015-02-23 15:46 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-12 10:03 - 2015-02-12 10:03 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-12 10:03 - 2015-02-12 10:03 - 00001066 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-12 10:03 - 2015-02-12 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-12 10:03 - 2015-02-12 10:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 10:03 - 2015-02-12 10:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-12 10:03 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-12 10:03 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-11 18:10 - 2015-02-11 18:10 - 00003478 _____ () C:\Users\Nadeige\Documents\eFaxInstall.log
2015-01-28 08:45 - 2015-01-28 08:45 - 00009899 _____ () C:\Users\Nadeige\Downloads\Sleep Log.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-23 17:04 - 2014-12-19 11:23 - 00007214 _____ () C:\Windows\PFRO.log 2015-02-23 17:03 - 2014-12-16 20:59 - 00601241 _____ () C:\Windows\WindowsUpdate.log 2015-02-23 17:03 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-23 17:03 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-23 17:01 - 2012-03-10 20:31 - 00000260 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job 2015-02-23 17:00 - 2012-11-12 21:22 - 00000000 ____D () C:\Users\Nadeige\AppData\Local\Google 2015-02-23 17:00 - 2009-07-14 00:13 - 00006514 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-23 16:59 - 2013-02-28 15:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-23 16:58 - 2012-05-02 13:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-23 16:57 - 2014-12-19 17:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-23 16:57 - 2014-12-19 17:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-23 16:57 - 2014-12-19 17:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-23 16:55 - 2013-02-28 15:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-23 16:54 - 2014-12-19 11:24 - 00001120 _____ () C:\Windows\setupact.log 2015-02-23 16:54 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-23 14:23 - 2012-03-10 14:41 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{203089BB-DFE6-45B5-B81A-3E09D17A0FE3} 2015-02-20 18:59 - 2012-11-10 15:36 - 00000000 ____D () C:\Users\Nadeige\AppData\Roaming\Skype 2015-02-20 17:01 - 2011-10-13 13:32 - 00000000 ____D () C:\ProgramData\Skype 2015-02-13 10:48 - 2013-09-04 20:36 - 00000000 ____D () C:\Users\Nadeige\Documents\eFax 
Messenger 4.4 2015-02-13 10:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-02-13 10:34 - 2013-01-07 16:35 - 00000000 ____D () C:\Users\Nadeige\AppData\Local\Windows Live Writer 2015-02-13 10:31 - 2014-09-04 13:50 - 00000228 _____ () C:\Users\Nadeige\Desktop\My Account.url 2015-02-11 17:10 - 2012-03-10 20:30 - 00000000 ____D () C:\Users\Nadeige\AppData\Roaming\HpUpdate 2015-02-11 12:10 - 2015-01-15 14:41 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-11 12:10 - 2015-01-15 14:41 - 00002143 _____ () C:\ProgramData\Desktop\Google Chrome.lnk 2015-02-11 12:01 - 2013-02-28 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-02-11 11:54 - 2013-02-28 15:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-11 11:54 - 2013-02-28 15:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-11 11:54 - 2012-11-12 21:22 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294830945-2644369361-1329188904-1000Core Files to move or delete: ==================== C:\Windows\Tasks\{18EEC0B1-BC3E-4855-B6A6-2D63CAB8EBCB}.job ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-11 13:05 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015 Ran by Nadeige at 2015-02-23 17:28:00 Running from C:\Users\Nadeige\Downloads Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader X (10.1.2) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.2 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.) AdwCleaner 2015 Packages (HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\AdwCleaner 2015 Packages) (Version: - ) <==== ATTENTION Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden AuthenTec WinBio FingerPrint Software (HKLM\...\{4BDCF60D-EAAB-4595-B571-283F529F6AFA}) (Version: 3.2.2.1072 - AuthenTec, Inc.) BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2013.0709.2040 - F5 Networks, Inc.) Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Binkiland (HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Binkiland) (Version: 31.0.1650.23 - Binkiland) <==== ATTENTION! Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4422 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.236 - SurfRight B.V.) HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company) HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard) HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{D25BAEFB-2216-4757-90FF-0007635BE7A1}) (Version: 1.1.1.0 - Hewlett-Packard) HP ENVY 110 series Basic Device Software (HKLM\...\{9EDA8125-D287-4AD1-BE32-6B105A275645}) (Version: 25.0.622.0 - Hewlett-Packard Co.) HP ENVY 110 series Help (HKLM-x32\...\{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}) (Version: 140.0.2.2 - Hewlett Packard) HP ENVY 110 series Product Improvement Study (HKLM\...\{3C7D695E-E2A7-4876-9CCB-B38AB87EE904}) (Version: 25.0.622.0 - Hewlett-Packard Co.) 
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations) HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company) HP QuickWeb (HKLM-x32\...\{D6159AEF-32BD-4177-82AE-5ED1F0F0DC1D}) (Version: 3.1.1.10066 - Hewlett-Packard Company) HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company) HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden Hyland Web ActiveX Controls (HKLM-x32\...\{1260D0FF-57A1-4F34-9864-46C4B9023DAC}) (Version: 12.0.022 - Hyland Software) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) 
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6359.0 - IDT) Intel(R) Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.2.1001 - Intel Corporation) Intel(R) Smart Connect Technology 1.0 (HKLM-x32\...\{0A918A9E-74F2-41CB-969F-FB0CB9A51DD8}) (Version: 1.0.698.0 - Intel) Intel(R) WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0903 - Intel Corporation) Intelli Term 1.10.0.9 (HKLM-x32\...\IntelliTerm_1.10.0.9) (Version: 1.10.0.9 - Intelli Term) iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.) 
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle) Juniper Networks Network Connect 6.5.0 (HKLM-x32\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.16339 - Juniper Networks) Juniper Networks Setup Client (HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\...\Juniper_Setup_Client) (Version: 2.1.4.7717 - Juniper Networks) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messageware AttachView Add-in for Saving Files x64 (HKLM-x32\...\MWAREDATT) (Version: - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation) Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate) Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.16.1 - Synaptics Incorporated) TiVo Desktop 2.8.3 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.370 - TiVo Inc.) VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Nadeige\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nadeige\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nadeige\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Nadeige\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3294830945-2644369361-1329188904-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nadeige\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-06-03 21:32 - 2013-11-07 15:29 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0706B651-C48B-4B21-8BF3-78D5C91851B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294830945-2644369361-1329188904-1000Core => C:\Users\Nadeige\AppData\Local\Google\Update\GoogleUpdate.exe Task: {1020CFFD-3D0D-4D65-AA78-2C98874EAD33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.) 
Task: {1CAAA4A9-A3E6-48F6-BF53-BA8C6E8FD079} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3294830945-2644369361-1329188904-1000 Task: {2DB891B0-FAAE-48D8-800C-F8254E128C22} - System32\Tasks\Nadeige Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC) Task: {3132D859-090A-41C7-815B-9F897CA867C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {3DB1B43C-06E9-439B-AF7B-B275BB953F3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-23] (Adobe Systems Incorporated) Task: {4B0FD2AC-C8C0-4099-90C5-361083D667AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.) Task: {4B7F94BD-0B6C-4310-A799-84829F39C686} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC) Task: {4F5E158F-325D-4B61-B1D5-E8BC66827B68} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] () Task: {5089F1AE-5755-4F5F-9C7C-17EF9832CA6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {578EF451-F3CA-4A39-8EA9-2D10236EA2C6} - System32\Tasks\Nadeige DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-04-30] (Seagate Technology LLC) Task: {603F8EEC-35C2-484F-854F-33FEE7CC269C} - System32\Tasks\Nadeige => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC) Task: {704D6ADA-148B-459F-B8C1-3AD8CDA617E2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink) Task: {72201A15-4B10-4C4D-937C-87A71631ED6C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe Task: {9316CDA8-BBA5-473A-A397-53DFFBD54BEA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {94CDAF49-F2EB-491B-8AD6-7A145998AD36} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-05-13] (Microsoft) Task: {9C9F5BC9-1AFC-4BEA-A9C2-27D3532FA147} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {E140983B-2EB3-48FA-8443-2ED9C16587B8} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {E96CDAF5-FD5E-49A0-8DF4-440FD7FC3498} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {FA2A317E-BDDD-4C4D-9046-A7517499ECF1} - System32\Tasks\HPCustParticipation HP ENVY 110 series => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe [2011-09-19] (Hewlett-Packard Co.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe Task: C:\Windows\Tasks\hpUrlLauncher.exe_{85576A96-665F-4A2E-B47A-750C3D7219E8}.job => C:\Program Files\HP\HP ENVY 110 series\Bin\utils\hpUrlLauncher.exe(https://h30495.www3.hp.com Task: C:\Windows\Tasks\ScanToPCActivationApp.exe_{77F015E9-4B86-4AEA-8D46-E785DBA38E10}.job => C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe Task: C:\Windows\Tasks\Toolbox.exe_{1FBFC67F-68B7-4DD0-995A-C45BDBB658BD}.job => C:\Program Files\HP\HP ENVY 110 series\Bin\Toolbox.exe Task: C:\Windows\Tasks\WOWPrint.exe_{9E0B9DB1-C8B6-428D-BC72-458BAF6B7FB3}.job => C:\Program Files\HP\HP ENVY 110 series\Bin\WOWPrint.exe Task: C:\Windows\Tasks\{18EEC0B1-BC3E-4855-B6A6-2D63CAB8EBCB}.job => c:\users\nadeige\appdata\local\binkiland\application\binkiland.exeLhttp://ui.skype.com/ui/0/7.1.60.105/en/go/help.faq.ins ==================== Loaded Modules (whitelisted) ============== 2015-01-26 01:22 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2015-01-26 01:22 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Nadeige\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2015-02-11 12:10 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3294830945-2644369361-1329188904-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nadeige\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Administrator (S-1-5-21-3294830945-2644369361-1329188904-500 - Administrator - Disabled) Guest (S-1-5-21-3294830945-2644369361-1329188904-501 - Limited - Enabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-3294830945-2644369361-1329188904-1002 - Limited - Enabled) Jackie (S-1-5-21-3294830945-2644369361-1329188904-1004 - Limited - Enabled) => C:\Users\Jackie Nadeige (S-1-5-21-3294830945-2644369361-1329188904-1000 - Administrator - Enabled) => C:\Users\Nadeige Stephen (S-1-5-21-3294830945-2644369361-1329188904-1003 - Limited - Enabled) => C:\Users\Stephen ==================== Faulty Device Manager Devices ============= Name: itnfd_1_10_0_9 Description: itnfd_1_10_0_9 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: itnfd_1_10_0_9 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (02/23/2015 05:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2015 05:00:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (02/23/2015 05:00:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. 
Error: (02/23/2015 04:54:24 PM) (Source: itsvc_1.10.0.9) (EventID: 0) (User: ) Description: itsvc_1.10.0.9Intelli Term Client Service failed to connect to driver
Error: (02/23/2015 04:54:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/23/2015 04:54:13 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver
Error: (02/23/2015 04:54:13 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103
Error: (02/23/2015 04:53:26 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Users\Nadeige\Desktop\mbar\mbar.exe "C:\Users\Nadeige\Desktop\mbar" ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).
Error: (02/23/2015 04:53:26 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Users\Nadeige\Desktop\mbar\mbar.exe "C:\Users\Nadeige\Desktop\mbar" ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).
Error: (02/23/2015 03:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/23/2015 05:28:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error: (02/23/2015 05:28:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error: (02/23/2015 05:28:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error: (02/23/2015 05:28:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error: (02/23/2015 05:28:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error: (02/23/2015 05:28:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error: (02/23/2015 05:26:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error: (02/23/2015 05:26:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error: (02/23/2015 05:26:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error: (02/23/2015 05:25:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Microsoft Office Sessions:
=========================
Error: (02/23/2015 05:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/23/2015 05:00:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000
Error: (02/23/2015 05:00:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000
Error: (02/23/2015 04:54:24 PM) (Source: itsvc_1.10.0.9) (EventID: 0) (User: ) Description: itsvc_1.10.0.9Intelli Term Client Service failed to connect to driver
Error: (02/23/2015 04:54:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/23/2015 04:54:13 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver
Error: (02/23/2015 04:54:13 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103
Error: (02/23/2015 04:53:26 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Users\Nadeige\Desktop\mbar\mbar.exe "C:\Users\Nadeige\Desktop\mbar" Malwarebytes Anti-Rootkit Restore Point0x8007043c
Error: (02/23/2015 04:53:26 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Users\Nadeige\Desktop\mbar\mbar.exe "C:\Users\Nadeige\Desktop\mbar" Malwarebytes Anti-Rootkit Restore Point0x8007043c
Error: (02/23/2015 03:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 13%
Total physical RAM: 8139.81 MB
Available physical RAM: 7058.64 MB
Total Pagefile: 16277.8 MB
Available Pagefile: 15199.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:677.62 GB) (Free:551.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:16.85 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.09 GB) FAT32

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 99E03F5A)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=677.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

Any additional suggestions?
[/QUOTE]