Obrona Ads, Ads by Sasa, etc
<blockquote data-quote="Dangrnwd" data-source="post: 336709" data-attributes="member: 33325"><p>I've pasted the four files in the order that you requested them.</p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.08.3.1004</p><p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p><p></p><p>Database version:</p><p> main: v2015.01.20.08</p><p> rootkit: v2015.01.14.01</p><p></p><p>Windows 7 Service Pack 1 x64 NTFS</p><p>Internet Explorer 11.0.9600.17501</p><p>Daniel'sComputer :: DANIELSCOMPUTER [administrator]</p><p></p><p>1/20/2015 12:11:09 PM</p><p>mbar-log-2015-01-20 (12-11-09).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p><p>Scan options disabled: </p><p>Objects scanned: 343525</p><p>Time elapsed: 7 minute(s), 23 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 11.0.9600.17501</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 1.696000 GHz</p><p>Memory total: 4192530432, 
free: 1768742912</p><p></p><p>Downloaded database version: v2015.01.19.08</p><p>Downloaded database version: v2015.01.14.01</p><p>Downloaded database version: v2014.12.06.01</p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 01/19/2015 10:30:34</p><p>------------ Loaded modules -----------</p>
<p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR1</p><p>Upper Device Object: 0xfffffa800633f060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IAAStorageDevice-1\</p><p>Lower Device Object: 0xfffffa8004e88050</p><p>Lower Device Driver Name: \Driver\iaStor\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa800633e060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IAAStorageDevice-0\</p><p>Lower Device Object: 0xfffffa8004e84050</p><p>Lower Device Driver Name: \Driver\iaStor\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa800633e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa80061d5aa0, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa800633e060, 
DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa80061d4a60, DeviceName: Unknown, DriverName: \Driver\hpdskflt\</p><p>DevicePointer: 0xfffffa8004e84050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: F74225FC</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 407552</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 409600 Numsec = 935546880</p><p></p><p> Partition 2 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 935956480 Numsec = 40587264</p><p></p><p> Partition 3 type is Other (0xc)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 976543744 Numsec = 221184</p><p></p><p>Disk Size: 500104691712 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Physical Sector Size: 512</p><p>Drive: 1, DevicePointer: 0xfffffa800633f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa80061d6a30, DeviceName: Unknown, 
DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa800633f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa800633e920, DeviceName: Unknown, DriverName: \Driver\hpdskflt\</p><p>DevicePointer: 0xfffffa8004e88050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p>Drive 1</p><p>Scanning MBR on drive 1...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: E2030C0D</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0x84)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 8384512</p><p></p><p> Partition 1 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 4294967296 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>File C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf will be destroyed</p><p>Infected: C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf --> [PUP.Optional.WebInstr.A]</p><p>Infected: HKLM\SOFTWARE\WOW6432NODE\FREESOFTTODAY --> [Adware.EoRezo]</p><p>Scan finished</p><p>Creating System Restore point...</p><p>Cleaning up...</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Removal scheduling successful. 
System shutdown needed.</p><p>System shutdown occurred</p><p>=======================================</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 11.0.9600.17501</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 1.696000 GHz</p><p>Memory total: 4192530432, free: 1410981888</p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.3.1004</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 11.0.9600.17501</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 1.696000 GHz</p><p>Memory total: 4192530432, free: 1170419712</p><p></p><p>Downloaded database version: v2015.01.20.08</p><p>Downloaded database version: v2015.01.14.01</p><p>Downloaded database version: v2014.12.06.01</p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 01/20/2015 12:11:01</p><p>------------ Loaded modules 
-----------</p>
<p>----------- End -----------</p><p>Done!</p><p></p><p>Scan started</p><p>Database versions:</p><p> main: v2015.01.20.08</p><p> rootkit: v2015.01.14.01</p><p></p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa8006320060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8006320b90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8006320060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa80061bdb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\</p><p>DevicePointer: 0xfffffa8004bbc050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 
512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: F74225FC</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 407552</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 409600 Numsec = 935546880</p><p></p><p> Partition 2 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 935956480 Numsec = 40587264</p><p></p><p> Partition 3 type is Other (0xc)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 976543744 Numsec = 221184</p><p></p><p>Disk Size: 500104691712 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Physical Sector Size: 512</p><p>Drive: 1, DevicePointer: 0xfffffa8006321060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8006321b90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8006321060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa80061beb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\</p><p>DevicePointer: 0xfffffa8004bc0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p>Drive 1</p><p>Scanning MBR on drive 1...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: E2030C0D</p><p></p><p>Partition 
information:</p><p></p><p> Partition 0 type is Other (0x84)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 8384512</p><p></p><p> Partition 1 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 4294967296 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...</p><p>Removal finished</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015</p><p>Ran by Daniel'sComputer (administrator) on DANIELSCOMPUTER on 20-01-2015 12:48:26</p><p>Running from C:\Users\Daniel'sComputer\Downloads</p><p>Loaded Profiles: Daniel'sComputer (Available profiles: Daniel'sComputer)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) 
=================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe</p><p>(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe</p><p>(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(Vertro Inc.) C:\Users\Daniel'sComputer\AppData\LocalLow\alotservice\alotservice.exe</p><p>(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe</p><p>(HP) C:\Windows\System32\HPSIsvc.exe</p><p>(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe</p><p>() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe</p><p>(Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe</p><p>() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe</p><p>() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe</p><p>(RedSky Sp. z o.o.) C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe</p><p>(Spotify Ltd) C:\Users\Daniel'sComputer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe</p><p>() C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe</p><p>(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe</p><p>(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe</p><p>(Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe</p><p>(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe</p><p>(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe</p><p>(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE</p><p>(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)</p><p>HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)</p><p>HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)</p><p>HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp</p><p>HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-10-30] (IDT, Inc.)</p><p>HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)</p><p>HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKLM-x32\...\Run: [fst_us_227] => [X]</p><p>HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll 
(Intel Corporation)</p><p>HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Google Update] => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-14] (Google Inc.)</p><p>HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Obrona Block Ads] => C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe [1509336 2014-10-16] (RedSky Sp. z o.o.)</p><p>HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Spotify Web Helper] => C:\Users\Daniel'sComputer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)</p><p>HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\MountPoints2: {91d8925f-f7b3-11e1-b448-685d43884176} - E:\SISetup.exe</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk</p><p>ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)</p><p>ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)</p><p>ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)</p><p>ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)</p><p>GroupPolicy: Group Policy on Chrome detected <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>ProxyEnable: [S-1-5-21-3141508201-2490937371-110901077-1000] => Internet Explorer proxy is enabled.</p><p>ProxyServer: [S-1-5-21-3141508201-2490937371-110901077-1000] => 
http=127.0.0.1:9880</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_" target="_blank">http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_" target="_blank">http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}" target="_blank">http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}" target="_blank">http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_" target="_blank">http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_" target="_blank">http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}" target="_blank">http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}" 
target="_blank">http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}</a></p><p>StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe <a href="http://www.istart123.com/?type=sc&ts=1409020461&from=tugs&uid=_" target="_blank">http://www.istart123.com/?type=sc&ts=1409020461&from=tugs&uid=_</a></p><p>SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = <a href="http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}" target="_blank">http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}</a></p><p>SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox" target="_blank">http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox</a></p><p>SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = <a href="http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF" target="_blank">http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF</a></p><p>SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = <a href="http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}" target="_blank">http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}</a></p><p>SearchScopes: HKLM -> {41984860-5C6A-449C-923F-ECDB575133B9} URL = <a href="http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}" target="_blank">http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}</a></p><p>SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = <a href="http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF" 
target="_blank">http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF</a></p><p>SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = <a href="http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}" target="_blank">http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}</a></p><p>SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = <a href="http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}" target="_blank">http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = <a href="http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}" target="_blank">http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = <a href="http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=ca59f961-dfcb-4a36-973b-9bde8bedda69&searchtype=ds&q={searchTerms}" target="_blank">http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=ca59f961-dfcb-4a36-973b-9bde8bedda69&searchtype=ds&q={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox" target="_blank">http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox</a></p><p>SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = <a href="http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF" target="_blank">http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF</a></p><p>SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = <a href="http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}" 
target="_blank">http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> {41984860-5C6A-449C-923F-ECDB575133B9} URL = <a href="http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}" target="_blank">http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = <a href="http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF" target="_blank">http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF</a></p><p>SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = <a href="http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}" target="_blank">http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = <a href="http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}" target="_blank">http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-3141508201-2490937371-110901077-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = </p><p>SearchScopes: HKU\S-1-5-21-3141508201-2490937371-110901077-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = </p><p>BHO: videos MediaPlay-Air -> {11111111-1111-1111-1111-110611171199} -> C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-bho64.dll No File</p><p>BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)</p><p>BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 
360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: No Name -> {964968F9-058C-7826-FFDB-BC48A3C1CDCE} -> No File</p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)</p><p>BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)</p><p>BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)</p><p>BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)</p><p>BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll 
(Vertro, Inc)</p><p>BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: No Name -> {964968F9-058C-7826-FFDB-BC48A3C1CDCE} -> No File</p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)</p><p>Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File</p><p>Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)</p><p>Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro, Inc)</p><p>Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File</p><p>Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)</p><p>Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Tcpip\Parameters: 
[DhcpNameServer] 128.192.1.19 128.192.1.193 128.192.1.9</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files 
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)</p><p>FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)</p><p>FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin HKU\S-1-5-21-3141508201-2490937371-110901077-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin HKU\S-1-5-21-3141508201-2490937371-110901077-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF</p><p>FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2015-01-08]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn</p><p>FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-01-20]</p><p>FF HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Firefox\Extensions: 
[{3D8EAB39-F7C9-E23B-E10F-73F55C97D6F3}] - C:\Program Files (x86)\ver6Re-markit\178.xpi</p><p></p><p>Chrome: </p><p>=======</p><p>CHR Profile: C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]</p><p>CHR Extension: (Website Logon) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-08-26]</p><p>CHR Extension: (Google Wallet) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]</p><p>CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path</p><p>CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-08]</p><p>CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]</p><p>CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]</p><p>CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path</p><p>CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-08]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 AlotService; C:\Users\Daniel'sComputer\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-07-11] (Vertro Inc.)</p><p>R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)</p><p>S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-25] (globalUpdate) [File not signed]</p><p>S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-25] (globalUpdate) [File not signed]</p><p>R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]</p><p>R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)</p><p>R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-10-30] (Intel Corporation)</p><p>S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()</p><p>R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)</p><p>R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-10-30] (IDT, Inc.) 
[File not signed]</p><p>S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)</p><p>R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)</p><p>R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)</p><p>R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)</p><p>R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)</p><p>R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [109056 2012-01-27] (Ozmo Inc)</p><p>R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150119.001\IDSvia64.sys [668888 2015-01-16] (Symantec Corporation)</p><p>R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()</p><p>R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()</p><p>R3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)</p><p>R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()</p><p>S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-13] (Marvell Semiconductor, Inc.)</p><p>R3 NAVENG; C:\Program Files (x86)\Norton 
360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.023\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)</p><p>R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.023\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)</p><p>R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-01] (Synaptics Incorporated)</p><p>R3 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)</p><p>R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)</p><p>R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)</p><p>R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)</p><p>R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-08] (Symantec Corporation)</p><p>R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)</p><p>R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)</p><p>R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-20] ()</p><p>S3 cpuz134; \??\C:\Users\DANIEL~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]</p><p>S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-20 12:47 - 2015-01-20 12:47 - 02126848 _____ (Farbar) C:\Users\Daniel'sComputer\Downloads\FRST64.exe</p><p>2015-01-20 12:07 - 2015-01-20 12:08 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Daniel'sComputer\Downloads\mbar-1.08.3.1004.exe</p><p>2015-01-19 20:42 - 2015-01-19 20:42 - 00001306 _____ () C:\Users\Daniel'sComputer\Desktop\mbar-1.08.2.1001 - Shortcut.lnk</p><p>2015-01-19 20:25 - 2015-01-19 20:38 - 00036301 _____ () C:\Users\Daniel'sComputer\Downloads\Addition.txt</p><p>2015-01-19 20:21 - 2015-01-20 12:48 - 00000000 ____D () C:\FRST</p><p>2015-01-19 10:30 - 2015-01-20 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>2015-01-19 10:30 - 2015-01-20 12:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-01-19 10:30 - 2015-01-19 10:30 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2015-01-19 10:29 - 2015-01-20 12:19 - 00000000 ____D () C:\Users\Daniel'sComputer\Desktop\mbar</p><p>2015-01-19 10:29 - 2015-01-20 12:09 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2015-01-19 10:28 - 2015-01-19 10:28 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\Daniel'sComputer\Downloads\mbar-1.08.2.1001.exe</p><p>2015-01-16 17:50 - 2015-01-20 12:48 - 00028372 _____ () C:\Users\Daniel'sComputer\Downloads\FRST.txt</p><p>2015-01-16 17:23 - 2015-01-16 17:36 - 00000156 _____ () C:\Windows\Reimage.ini</p><p>2015-01-16 17:22 - 2015-01-16 17:22 - 00775968 _____ (Reimage®) C:\Users\Daniel'sComputer\Downloads\ReimageRepair.exe</p><p>2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieUserList</p><p>2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieSiteList</p><p>2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieBrowserModeList</p><p>2015-01-16 16:27 - 2015-01-16 16:27 - 00000000 _____ () C:\autoexec.bat</p><p>2015-01-16 16:26 - 2015-01-16 16:26 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Daniel'sComputer\Downloads\SpyHunter-Installer.exe</p><p>2015-01-14 12:20 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll</p><p>2015-01-14 12:20 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys</p><p>2015-01-14 12:20 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe</p><p>2015-01-14 12:20 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll</p><p>2015-01-14 12:20 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe</p><p>2015-01-14 12:20 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll</p><p>2015-01-14 12:20 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</p><p>2015-01-14 12:20 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</p><p>2015-01-14 12:20 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\srclient.dll</p><p>2015-01-14 12:20 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe</p><p>2015-01-14 12:20 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll</p><p>2015-01-14 12:20 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll</p><p>2015-01-14 12:20 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll</p><p>2015-01-14 12:11 - 2015-01-14 12:11 - 00047241 _____ () C:\Users\Daniel'sComputer\Downloads\Topic Workshop 2.pptx</p><p>2015-01-12 18:56 - 2015-01-12 18:56 - 00045429 _____ () C:\Users\Daniel'sComputer\Downloads\Chapter5-DemandEstimation.xlsx</p><p>2015-01-11 19:42 - 2015-01-11 19:42 - 00056629 _____ () C:\Users\Daniel'sComputer\Downloads\Topic Workshop 1.pptx</p><p>2015-01-10 17:50 - 2015-01-10 17:50 - 00000864 _____ () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans.rar - Shortcut.lnk</p><p>2015-01-10 17:12 - 2015-01-10 17:12 - 00288946 _____ () C:\Windows\msxml4-KB973688-enu.LOG</p><p>2015-01-10 16:50 - 2015-01-10 16:50 - 00000000 ____D () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans</p><p>2015-01-10 16:48 - 2015-01-10 17:16 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Philipp Winterberg</p><p>2015-01-10 16:48 - 2015-01-10 16:49 - 00000000 ____D () C:\ProgramData\TuneUp Software</p><p>2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}</p><p>2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\TuneUp Software</p><p>2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\OpenCandy</p><p>2015-01-10 16:46 - 2015-01-10 16:46 - 01450496 _____ (Philipp Winterberg) C:\Users\Daniel'sComputer\Downloads\InstallFreeRARExtractFrog.exe</p><p>2015-01-10 14:18 - 2015-01-10 15:25 - 417749852 _____ 
() C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans.rar</p><p>2015-01-10 11:52 - 2015-01-10 11:52 - 00291460 _____ () C:\Windows\msxml4-KB954430-enu.LOG</p><p>2015-01-08 22:09 - 2015-01-20 12:20 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp</p><p>2015-01-08 22:06 - 2015-01-19 12:21 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads</p><p>2015-01-08 22:06 - 2015-01-08 22:06 - 00001208 _____ () C:\Users\Daniel'sComputer\Desktop\OBRONA BlockAds.lnk</p><p>2015-01-08 22:06 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OBRONA BlockAds</p><p>2015-01-08 22:05 - 2015-01-08 22:05 - 353578952 _____ (Microsoft Corporation ) C:\Users\Daniel'sComputer\Downloads\AOMTrial.exe</p><p>2015-01-08 21:57 - 2015-01-08 21:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360</p><p>2015-01-08 21:50 - 2015-01-08 21:50 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS</p><p>2015-01-08 21:50 - 2015-01-08 21:50 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT</p><p>2015-01-08 21:50 - 2015-01-08 21:50 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration</p><p>2015-01-08 21:50 - 2015-01-08 21:50 - 00002393 _____ () C:\Users\Public\Desktop\Norton 360.lnk</p><p>2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360</p><p>2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64</p><p>2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared</p><p>2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Program Files (x86)\Norton 360</p><p>2015-01-08 21:40 - 2015-01-08 21:40 - 00000000 ____D () C:\ProgramData\PCSettings</p><p>2015-01-08 21:37 - 2015-01-08 21:52 - 00000000 ____D () 
C:\Users\Daniel'sComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton</p><p>2015-01-08 21:37 - 2015-01-08 21:42 - 00001310 _____ () C:\Users\Daniel'sComputer\Desktop\Norton Installation Files.lnk</p><p>2015-01-08 21:36 - 2015-01-08 21:36 - 01021984 _____ (Symantec Corporation) C:\Users\Daniel'sComputer\Downloads\NortonN360Downloader.exe</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-20 12:48 - 2012-08-14 16:18 - 103570971 _____ () C:\alotserviceruntime.log</p><p>2015-01-20 12:45 - 2012-03-24 21:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2015-01-20 12:41 - 2012-08-13 18:11 - 01433398 _____ () C:\Windows\WindowsUpdate.log</p><p>2015-01-20 12:39 - 2012-08-13 18:17 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5880691C-0C46-4652-B3F1-059E055360B6}</p><p>2015-01-20 12:34 - 2014-08-25 21:34 - 00002492 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.job</p><p>2015-01-20 12:34 - 2009-07-13 23:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-01-20 12:34 - 2009-07-13 23:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-01-20 12:26 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2015-01-20 12:20 - 2014-08-25 21:35 - 00004178 _____ () C:\Windows\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539.job</p><p>2015-01-20 12:20 - 2014-08-25 21:35 - 00002752 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.job</p><p>2015-01-20 12:20 - 2014-08-25 21:35 - 00001950 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1.job</p><p>2015-01-20 12:20 - 2014-08-25 21:35 - 00001856 _____ () 
C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user.job</p><p>2015-01-20 12:20 - 2014-08-25 21:35 - 00001836 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.job</p><p>2015-01-20 12:20 - 2014-08-25 21:35 - 00001562 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.job</p><p>2015-01-20 12:20 - 2014-08-25 21:34 - 00004516 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.job</p><p>2015-01-20 12:20 - 2014-08-25 21:34 - 00003834 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.job</p><p>2015-01-20 12:20 - 2014-08-25 21:34 - 00002368 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.job</p><p>2015-01-20 12:20 - 2014-08-25 21:34 - 00000920 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job</p><p>2015-01-20 12:20 - 2012-06-22 03:26 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys</p><p>2015-01-20 12:20 - 2010-11-20 22:47 - 00927974 _____ () C:\Windows\PFRO.log</p><p>2015-01-20 12:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2015-01-20 12:20 - 2009-07-13 23:51 - 00068311 _____ () C:\Windows\setupact.log</p><p>2015-01-20 12:19 - 2012-10-24 20:41 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Spotify</p><p>2015-01-20 12:17 - 2012-08-14 21:12 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core.job</p><p>2015-01-20 12:03 - 2014-08-25 21:34 - 00000924 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job</p><p>2015-01-20 12:02 - 2012-08-14 21:12 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA.job</p><p>2015-01-19 12:45 - 2012-11-06 18:16 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass</p><p>2015-01-19 10:06 - 2013-03-27 15:17 - 00003252 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDaniel'sComputer</p><p>2015-01-19 10:06 - 2013-03-27 15:17 - 00000376 _____ () 
C:\Windows\Tasks\HPCeeScheduleForDaniel'sComputer.job</p><p>2015-01-19 10:06 - 2012-10-24 20:41 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Local\Spotify</p><p>2015-01-16 17:51 - 2012-08-14 21:13 - 00002430 _____ () C:\Users\Daniel'sComputer\Desktop\Google Chrome.lnk</p><p>2015-01-15 13:05 - 2014-02-24 01:54 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2015-01-15 13:00 - 2014-02-24 01:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2015-01-13 15:04 - 2012-12-04 20:55 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt</p><p>2015-01-13 15:04 - 2012-08-14 15:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log</p><p>2015-01-13 13:45 - 2012-03-24 21:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2015-01-13 13:45 - 2012-03-24 21:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-01-13 13:45 - 2012-03-24 21:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2015-01-10 17:01 - 2012-08-16 18:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games</p><p>2015-01-08 22:09 - 2012-08-14 05:16 - 00109680 _____ () C:\Users\Daniel'sComputer\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2015-01-08 22:09 - 2009-07-13 23:45 - 00409520 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2015-01-08 21:52 - 2012-06-22 03:33 - 00000000 ____D () C:\ProgramData\Norton</p><p>2015-01-08 21:37 - 2013-05-19 11:38 - 00000000 ____D () C:\Users\Public\Downloads\Norton</p><p></p><p>==================== Files in the root of some directories =======</p><p>2012-08-14 04:28 - 2012-08-14 04:28 - 0007605 _____ () C:\Users\Daniel'sComputer\AppData\Local\Resmon.ResmonCfg</p><p>2013-11-20 10:54 - 2013-11-20 10:55 - 0023763 _____ () C:\Users\Daniel'sComputer\AppData\Local\WiDiSetupLog.20131120.105403.wdl</p><p></p><p>Some content of 
TEMP:</p><p>====================</p><p>C:\Users\Daniel'sComputer\AppData\Local\Temp\siinst.exe</p><p>C:\Users\Daniel'sComputer\AppData\Local\Temp\strings.dll</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-01-11 13:14</p><p></p><p>==================== End Of Log ============================</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015</p><p>Ran by Daniel'sComputer at 2015-01-20 12:48:56</p><p>Running from C:\Users\Daniel'sComputer\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}</p><p>AS: Norton 360 Premier Edition (Enabled - Up to date) 
{631E4324-D31C-783F-EC5C-35AD42B18466}</p><p>AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)</p><p>Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)</p><p>Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)</p><p>Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)</p><p>ALOT Appbar (HKLM-x32\...\alotAppbar) (Version: - ALOT) <==== ATTENTION</p><p>AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) 
Hidden</p><p>Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden</p><p>Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)</p><p>Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Blio (HKLM-x32\...\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}) (Version: 3.0.9391 - K-NFB Reading Technology, Inc.)</p><p>Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5010 - CyberLink Corp.)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>DefaultTab Chrome (HKLM-x32\...\DefaultTab Chrome) (Version: 1.1.14 - Search Results, LLC) <==== ATTENTION</p><p>Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}) (Version: 5.1.3 - Hewlett-Packard)</p><p>Evernote v. 
4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)</p><p>Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Genieo (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\genieo) (Version: 1.0.412 - Genieo Innovation Ltd.)</p><p>Gephi 0.8.2 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: - Gephi)</p><p>Google Chrome (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)</p><p>Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden</p><p>Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)</p><p>HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)</p><p>HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)</p><p>HP Documentation (HKLM-x32\...\{DF2D7B73-3E53-4241-B6B5-64D8344AEF6B}) (Version: 1.1.0.0 - Hewlett-Packard)</p><p>HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)</p><p>HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )</p><p>HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)</p><p>HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)</p><p>HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)</p><p>HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)</p><p>HP Security 
Assistant (HKLM\...\{42719DC3-4982-47DD-B025-B21C4BDD504D}) (Version: 3.0.3 - Hewlett-Packard Company)</p><p>HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)</p><p>HP SimplePass PE (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)</p><p>HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)</p><p>HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)</p><p>IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)</p><p>Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)</p><p>Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)</p><p>Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)</p><p>Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)</p><p>Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)</p><p>Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)</p><p>Intel(R) Wireless Display 
(HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )</p><p>Intel(R) Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)</p><p>Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)</p><p>Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)</p><p>Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)</p><p>Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )</p><p>Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)</p><p>OBRONA BlockAds (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\ObronaBlockAds) (Version: 1.1.31 - OBRONA BlockAds / Red Sky LLC) <==== ATTENTION</p><p>opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden</p><p>Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)</p><p>Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden</p><p>Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)</p><p>Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)</p><p>RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)</p><p>Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)</p><p>Spotify (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)</p><p>swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden</p><p>Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.2.0 - Synaptics Incorporated)</p><p>Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden</p><p>VIP Access SDK (1.1.0.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.4 - Symantec Inc.)</p><p>Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)</p><p>Windows Live Mesh ActiveX Control for Remote Connections 
(HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p>Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File</p><p></p><p>==================== Restore Points =========================</p><p></p><p>20-12-2014 12:59:03 Windows Update</p><p>10-01-2015 11:51:52 Windows Update</p><p>10-01-2015 17:05:52 Removed TuneUp Utilities 2014</p><p>10-01-2015 
17:06:53 Removed TuneUp Utilities 2014 (en-US)</p><p>10-01-2015 17:12:24 Windows Update</p><p>10-01-2015 17:21:39 Removed MSXML 4.0 SP2 (KB973688)</p><p>10-01-2015 17:22:52 Removed MSXML 4.0 SP2 (KB954430)</p><p>10-01-2015 17:51:54 Removed MSXML4 Parser</p><p>15-01-2015 12:59:48 Windows Update</p><p>19-01-2015 10:52:59 Malwarebytes Anti-Rootkit Restore Point</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {082ADDB1-276B-45A8-9036-B3F90ACECBEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)</p><p>Task: {180C8B28-B52B-476A-8C3B-7D35C09E8F03} - System32\Tasks\HPCeeScheduleForDaniel'sComputer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)</p><p>Task: {1F67EFB8-9BF8-4BB4-BFC2-DE9DEDDA7F1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14] (Google Inc.)</p><p>Task: {21D0B8BD-D4B6-4323-B4FD-CA43099223F9} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2011-07-12] (Absolute Software)</p><p>Task: {2EAADA8A-53F4-4D6C-904E-F1FF33A23288} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14] (Google Inc.)</p><p>Task: 
{3A6511A8-9A93-45F4-B629-38F7988C6DB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)</p><p>Task: {3D2B7924-3055-4EB2-A016-68FA8E370A91} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-10] (CyberLink)</p><p>Task: {411AE6CF-BFB3-489B-B206-8913C57A6A43} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc</p><p>Task: {5A745ACC-C095-41C0-BDCC-1F779E20277A} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.exe <==== ATTENTION</p><p>Task: {7430CB6A-BCDE-4DAB-B658-929F80B23098} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-25] (globalUpdate) <==== ATTENTION</p><p>Task: {77A5A260-2EBF-4E62-AE13-DA1503CD2D74} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-25] (globalUpdate) <==== ATTENTION</p><p>Task: {79333076-6D06-445F-A346-4CBC82DC2159} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)</p><p>Task: {7B18FB34-C56E-4DEA-BF70-58C9F957031D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)</p><p>Task: {917A416A-00DA-4DD2-BBE4-6AE029B601C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)</p><p>Task: {97110AFF-1D71-4C5E-9AE0-709696AC3859} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 
360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)</p><p>Task: {98714AFE-63DB-42E6-8892-19BC4CBC692D} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION</p><p>Task: {ADB3215C-2D42-4E7D-80EA-8E973A621446} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3141508201-2490937371-110901077-1000</p><p>Task: {AF1D68AF-6595-4205-A2E2-A2D04992CE0B} - System32\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION</p><p>Task: {AFCA60F2-D2C4-46D1-A751-71DFB555178E} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1 => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== ATTENTION</p><p>Task: {BE48CB31-C0D2-4624-8E57-907E98B8D988} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION</p><p>Task: {D49AF548-DE5C-408C-B98B-5A6B74A07559} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.exe <==== ATTENTION</p><p>Task: {D5E36B65-FC18-4FE1-89E1-025F73D23B19} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION</p><p>Task: {DA1FD350-AEBE-4EA3-9A77-F20AB7405838} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.exe <==== ATTENTION</p><p>Task: {DED86BF7-39F4-4266-95BC-1639F669A8CF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)</p><p>Task: {EC32BE6B-D8FF-40DD-B03C-84ADB1C2A01E} - 
System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.exe <==== ATTENTION</p><p>Task: {FE82CFE6-B585-4783-BA42-D7773C87D30C} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.exe <==== ATTENTION</p><p>Task: {FF80C31D-92BD-4674-9CC9-9DC82B8806F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)</p><p>Task: C:\Windows\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1.job => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user.job => C:\Program Files (x86)\videos 
MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.exe/agentregpath='videos MediaPlay-Air-nv' /appid=61799 /srcid='001673' /subid='verticals-ads,intext,pops,shopping' /zdata='0' /bic=85FA61F2EADB42B4863C9896BCA7AECAIE /verifier=f9b8669541a13ccc39c8beaee712b74a /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409020470 /statsdomain=<a href="http://stats.loadclientinputsrv.com" target="_blank">http://stats.loadclientinputsrv.com</a> /errorsdomain=<a href="http://errors.loadclientinputsrv.com" target="_blank">http://errors.loadclientinputsrv.com</a> /codedownloaddomain=<a href="http://js.loadclientinputsrv.com" target="_blank">http://js.loadclientinputsrv.com</a> /defbro=ch /DllName32ToInjectToChrome='6303bd85-27d3-4a05-b467-afcc981aa290.dll' /DllName64ToInjectToChrome='86cc3807-c595-48eb-9fac-f1e938528824.dll' /nova64bitexe='5ace53e0-2407-4b4a-b916-78d25ab235cb-64.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.exeÙ/updateapp /agentregpath='videos MediaPlay-Air-nv' /appid=61799 /srcid='001673' /subid='verticals-ads,intext,pops,shopping' /zdata='0' /bic=85FA61F2EADB42B4863C9896BCA7AECAIE /verifier=f9b8669541a13ccc39c8beaee712b74a /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409020470 /statsdomain=<a href="http://stats.loadclientinputsrv.com" target="_blank">http://stats.loadclientinputsrv.com</a> /errorsdomain=<a href="http://errors.loadclientinputsrv.com" target="_blank">http://errors.loadclientinputsrv.com</a> /codedownloaddomain=<a href="http://js.loadclientinputsrv.com" target="_blank">http://js.loadclientinputsrv.com</a> /defbro=ch 
/DllName32ToInjectToChrome='6303bd85-27d3-4a05-b467-afcc981aa290.dll' /DllName64ToInjectToChrome='86cc3807-c595-48eb-9fac-f1e938528824.dll' /nova64bitexe='5ace53e0-2407-4b4a-b916-78d25ab235cb-64.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core.job => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA.job => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\HPCeeScheduleForDaniel'sComputer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2012-09-13 09:24 - 2010-10-14 09:05 - 00290816 _____ () C:\Windows\System32\HP1100LM.DLL</p><p>2012-09-13 09:25 - 2010-10-14 09:05 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL</p><p>2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF</p><p>2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>2012-02-09 18:26 - 2012-02-09 18:26 - 00133632 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe</p><p>2012-02-09 18:26 - 2012-02-09 18:26 - 00048128 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll</p><p>2012-02-09 18:26 - 2012-02-09 
18:26 - 00036864 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetDetect.dll</p><p>2013-02-07 08:19 - 2013-02-07 08:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe</p><p>2011-12-20 01:34 - 2011-12-20 01:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe</p><p>2012-02-15 04:53 - 2012-02-15 04:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll</p><p>2014-10-14 08:00 - 2014-10-14 08:00 - 00008192 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe</p><p>2014-10-08 08:03 - 2014-10-08 08:03 - 00879104 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\platforms\qwindows.dll</p><p>2014-10-08 08:01 - 2014-10-08 08:01 - 00021504 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\imageformats\qgif.dll</p><p>2014-10-25 11:42 - 2014-10-25 11:42 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll</p><p>2012-06-22 03:23 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll</p><p>2012-06-22 03:27 - 2012-10-30 18:12 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll</p><p>2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF</p><p>2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>2015-01-16 17:50 - 2015-01-08 19:35 - 01077064 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\libglesv2.dll</p><p>2015-01-16 17:50 - 2015-01-08 19:35 - 00211272 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\libegl.dll</p><p>2015-01-16 17:50 - 2015-01-08 19:35 - 01677128 _____ () 
C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll</p><p>2015-01-16 17:50 - 2015-01-08 19:35 - 14913352 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll</p><p>2015-01-16 17:50 - 2015-01-08 19:35 - 09009480 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-3141508201-2490937371-110901077-500 - Administrator - Disabled)</p><p>Daniel'sComputer (S-1-5-21-3141508201-2490937371-110901077-1000 - Administrator - Enabled) => C:\Users\Daniel'sComputer</p><p>Guest (S-1-5-21-3141508201-2490937371-110901077-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-3141508201-2490937371-110901077-1002 - Limited - Enabled)</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (01/20/2015 00:20:44 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT 
* FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.</p><p></p><p>Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2</p><p></p><p>Error: (01/19/2015 11:34:43 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.</p><p></p><p>Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2</p><p></p><p>Error: (01/16/2015 05:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.</p><p></p><p>Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2</p><p></p><p>Error: (01/16/2015 05:07:05 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (01/20/2015 00:20:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load: </p><p>cdrom</p><p></p><p>Error: (01/20/2015 00:19:40 PM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}</p><p></p><p>Error: (01/19/2015 11:34:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load: </p><p>cdrom</p><p></p><p>Error: (01/16/2015 05:08:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load: </p><p>cdrom</p><p></p><p>Error: (01/16/2015 05:07:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load: </p><p>cdrom</p><p></p><p>Error: (01/16/2015 05:06:22 PM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}</p><p></p><p>Error: (01/16/2015 00:30:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load: </p><p>cdrom</p><p></p><p>Error: (01/16/2015 00:30:14 PM) (Source: EventLog) (EventID: 6008) (User: )</p><p>Description: The previous system shutdown at 6:39:03 PM on 1/15/2015 was unexpected.</p><p></p><p>Error: (01/15/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load: </p><p>cdrom</p><p></p><p>Error: (01/12/2015 00:44:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )</p><p>Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the 
iphlpsvc service.</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (01/20/2015 00:20:44 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.</p><p></p><p>Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2</p><p></p><p>Error: (01/19/2015 11:34:43 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.</p><p></p><p>Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2</p><p></p><p>Error: (01/16/2015 05:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.</p><p></p><p>Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )</p><p>Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, 
Error=0x2</p><p></p><p>Error: (01/16/2015 05:07:05 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz</p><p>Percentage of memory in use: 58%</p><p>Total physical RAM: 3998.31 MB</p><p>Available physical RAM: 1667.25 MB</p><p>Total Pagefile: 7994.8 MB</p><p>Available Pagefile: 5252.42 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.85 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (OS) (Fixed) (Total:446.1 GB) (Free:363.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive d: (Recovery) (Fixed) (Total:19.35 GB) (Free:2.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F74225FC)</p><p>Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=19.4 GB) - (Type=07 NTFS)</p><p>Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)</p><p></p><p>========================================================</p><p>Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: E2030C0D)</p><p>Partition 1: (Not Active) - (Size=4 GB) - (Type=84)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Dangrnwd, post: 336709, member: 33325"]
<<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17501 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 1.696000 GHz Memory total: 4192530432, free: 1410981888 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.3.1004 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17501 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 1.696000 GHz Memory total: 4192530432, free: 1170419712 Downloaded database version: v2015.01.20.08 Downloaded database version: v2015.01.14.01 Downloaded database version: v2014.12.06.01 ======================================= Initializing... 
------------ Kernel report ------------ 01/20/2015 12:11:01 ------------ Loaded modules ----------- ----------- End ----------- Done!
Scan started Database versions: main: v2015.01.20.08 rootkit: v2015.01.14.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8006320060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006320b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006320060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80061bdb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\ DevicePointer: 0xfffffa8004bbc050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: F74225FC Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 935546880 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 935956480 Numsec = 40587264 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 976543744 Numsec = 221184 Disk Size: 500104691712 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8006321060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006321b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006321060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80061beb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\ DevicePointer: 0xfffffa8004bc0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: E2030C0D Partition information: Partition 0 type is Other (0x84) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 8384512 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4294967296 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... 
Removal finished

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Daniel'sComputer (administrator) on DANIELSCOMPUTER on 20-01-2015 12:48:26 Running from C:\Users\Daniel'sComputer\Downloads Loaded Profiles: Daniel'sComputer (Available profiles: Daniel'sComputer) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Vertro Inc.) C:\Users\Daniel'sComputer\AppData\LocalLow\alotservice\alotservice.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (HP) C:\Windows\System32\HPSIsvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corp.)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (RedSky Sp. z o.o.) C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe (Spotify Ltd) C:\Users\Daniel'sComputer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe (Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated) HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-10-30] (IDT, Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [fst_us_227] => [X] HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Google Update] => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-14] (Google Inc.) HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Obrona Block Ads] => C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe [1509336 2014-10-16] (RedSky Sp. z o.o.) HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Spotify Web Helper] => C:\Users\Daniel'sComputer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd) HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\MountPoints2: {91d8925f-f7b3-11e1-b448-685d43884176} - E:\SISetup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) 
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-3141508201-2490937371-110901077-1000] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-3141508201-2490937371-110901077-1000] => http=127.0.0.1:9880 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istart123.com/?type=sc&ts=1409020461&from=tugs&uid=_ SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms} SearchScopes: HKLM -> {41984860-5C6A-449C-923F-ECDB575133B9} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms} SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5}
URL = http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=ca59f961-dfcb-4a36-973b-9bde8bedda69&searchtype=ds&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms} SearchScopes: HKLM-x32 -> {41984860-5C6A-449C-923F-ECDB575133B9} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3141508201-2490937371-110901077-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\S-1-5-21-3141508201-2490937371-110901077-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: videos MediaPlay-Air -> {11111111-1111-1111-1111-110611171199} -> C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-bho64.dll No File BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {964968F9-058C-7826-FFDB-BC48A3C1CDCE} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {964968F9-058C-7826-FFDB-BC48A3C1CDCE} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro, Inc)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 128.192.1.19 128.192.1.193 128.192.1.9

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3141508201-2490937371-110901077-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3141508201-2490937371-110901077-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2015-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-01-20]
FF HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Firefox\Extensions: [{3D8EAB39-F7C9-E23B-E10F-73F55C97D6F3}] - C:\Program Files (x86)\ver6Re-markit\178.xpi

Chrome:
=======
CHR Profile: C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Website Logon) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-08-26]
CHR Extension: (Google Wallet) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-08]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlotService; C:\Users\Daniel'sComputer\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-07-11] (Vertro Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-25] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-25] (globalUpdate) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-10-30] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-10-30] (IDT, Inc.) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150119.001\IDSvia64.sys [668888 2015-01-16] (Symantec Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-13] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.023\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.023\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-01] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-20] ()
S3 cpuz134; \??\C:\Users\DANIEL~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 12:47 - 2015-01-20 12:47 - 02126848 _____ (Farbar) C:\Users\Daniel'sComputer\Downloads\FRST64.exe
2015-01-20 12:07 - 2015-01-20 12:08 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Daniel'sComputer\Downloads\mbar-1.08.3.1004.exe
2015-01-19 20:42 - 2015-01-19 20:42 - 00001306 _____ () C:\Users\Daniel'sComputer\Desktop\mbar-1.08.2.1001 - Shortcut.lnk
2015-01-19 20:25 - 2015-01-19 20:38 - 00036301 _____ () C:\Users\Daniel'sComputer\Downloads\Addition.txt
2015-01-19 20:21 - 2015-01-20 12:48 - 00000000 ____D () C:\FRST
2015-01-19 10:30 - 2015-01-20 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 10:30 - 2015-01-20 12:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 10:30 - 2015-01-19 10:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 10:29 - 2015-01-20 12:19 - 00000000 ____D () C:\Users\Daniel'sComputer\Desktop\mbar
2015-01-19 10:29 - 2015-01-20 12:09 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 10:28 - 2015-01-19 10:28 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Daniel'sComputer\Downloads\mbar-1.08.2.1001.exe
2015-01-16 17:50 - 2015-01-20 12:48 - 00028372 _____ () C:\Users\Daniel'sComputer\Downloads\FRST.txt
2015-01-16 17:23 - 2015-01-16 17:36 - 00000156 _____ () C:\Windows\Reimage.ini
2015-01-16 17:22 - 2015-01-16 17:22 - 00775968 _____ (Reimage®) C:\Users\Daniel'sComputer\Downloads\ReimageRepair.exe
2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieUserList
2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieSiteList
2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieBrowserModeList
2015-01-16 16:27 - 2015-01-16 16:27 - 00000000 _____ () C:\autoexec.bat
2015-01-16 16:26 - 2015-01-16 16:26 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Daniel'sComputer\Downloads\SpyHunter-Installer.exe
2015-01-14 12:20 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:20 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:20 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:20 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:20 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:20 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:20 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:20 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:20 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:20 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:20 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:11 - 2015-01-14 12:11 - 00047241 _____ () C:\Users\Daniel'sComputer\Downloads\Topic Workshop 2.pptx
2015-01-12 18:56 - 2015-01-12 18:56 - 00045429 _____ () C:\Users\Daniel'sComputer\Downloads\Chapter5-DemandEstimation.xlsx
2015-01-11 19:42 - 2015-01-11 19:42 - 00056629 _____ () C:\Users\Daniel'sComputer\Downloads\Topic Workshop 1.pptx
2015-01-10 17:50 - 2015-01-10 17:50 - 00000864 _____ () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans.rar - Shortcut.lnk
2015-01-10 17:12 - 2015-01-10 17:12 - 00288946 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-10 16:50 - 2015-01-10 16:50 - 00000000 ____D () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans
2015-01-10 16:48 - 2015-01-10 17:16 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Philipp Winterberg
2015-01-10 16:48 - 2015-01-10 16:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\TuneUp Software
2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\OpenCandy
2015-01-10 16:46 - 2015-01-10 16:46 - 01450496 _____ (Philipp Winterberg) C:\Users\Daniel'sComputer\Downloads\InstallFreeRARExtractFrog.exe
2015-01-10 14:18 - 2015-01-10 15:25 - 417749852 _____ () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans.rar
2015-01-10 11:52 - 2015-01-10 11:52 - 00291460 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-08 22:09 - 2015-01-20 12:20 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-01-08 22:06 - 2015-01-19 12:21 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads
2015-01-08 22:06 - 2015-01-08 22:06 - 00001208 _____ () C:\Users\Daniel'sComputer\Desktop\OBRONA BlockAds.lnk
2015-01-08 22:06 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OBRONA BlockAds
2015-01-08 22:05 - 2015-01-08 22:05 - 353578952 _____ (Microsoft Corporation ) C:\Users\Daniel'sComputer\Downloads\AOMTrial.exe
2015-01-08 21:57 - 2015-01-08 21:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2015-01-08 21:50 - 2015-01-08 21:50 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-01-08 21:50 - 2015-01-08 21:50 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-01-08 21:50 - 2015-01-08 21:50 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-01-08 21:50 - 2015-01-08 21:50 - 00002393 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2015-01-08 21:40 - 2015-01-08 21:40 - 00000000 ____D () C:\ProgramData\PCSettings
2015-01-08 21:37 - 2015-01-08 21:52 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-01-08 21:37 - 2015-01-08 21:42 - 00001310 _____ () C:\Users\Daniel'sComputer\Desktop\Norton Installation Files.lnk
2015-01-08 21:36 - 2015-01-08 21:36 - 01021984 _____ (Symantec Corporation) C:\Users\Daniel'sComputer\Downloads\NortonN360Downloader.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 12:48 - 2012-08-14 16:18 - 103570971 _____ () C:\alotserviceruntime.log
2015-01-20 12:45 - 2012-03-24 21:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 12:41 - 2012-08-13 18:11 - 01433398 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 12:39 - 2012-08-13 18:17 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5880691C-0C46-4652-B3F1-059E055360B6}
2015-01-20 12:34 - 2014-08-25 21:34 - 00002492 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.job
2015-01-20 12:34 - 2009-07-13 23:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 12:34 - 2009-07-13 23:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 12:26 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 12:20 - 2014-08-25 21:35 - 00004178 _____ () C:\Windows\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00002752 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001950 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001856 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001836 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001562 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00004516 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00003834 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00002368 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00000920 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-20 12:20 - 2012-06-22 03:26 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-01-20 12:20 - 2010-11-20 22:47 - 00927974 _____ () C:\Windows\PFRO.log
2015-01-20 12:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 12:20 - 2009-07-13 23:51 - 00068311 _____ () C:\Windows\setupact.log
2015-01-20 12:19 - 2012-10-24 20:41 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Spotify
2015-01-20 12:17 - 2012-08-14 21:12 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core.job
2015-01-20 12:03 - 2014-08-25 21:34 - 00000924 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-20 12:02 - 2012-08-14 21:12 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA.job
2015-01-19 12:45 - 2012-11-06 18:16 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2015-01-19 10:06 - 2013-03-27 15:17 - 00003252 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDaniel'sComputer
2015-01-19 10:06 - 2013-03-27 15:17 - 00000376 _____ () C:\Windows\Tasks\HPCeeScheduleForDaniel'sComputer.job
2015-01-19 10:06 - 2012-10-24 20:41 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Local\Spotify
2015-01-16 17:51 - 2012-08-14 21:13 - 00002430 _____ () C:\Users\Daniel'sComputer\Desktop\Google Chrome.lnk
2015-01-15 13:05 - 2014-02-24 01:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 13:00 - 2014-02-24 01:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:04 - 2012-12-04 20:55 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-13 15:04 - 2012-08-14 15:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-13 13:45 - 2012-03-24 21:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 13:45 - 2012-03-24 21:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 13:45 - 2012-03-24 21:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 17:01 - 2012-08-16 18:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-08 22:09 - 2012-08-14 05:16 - 00109680 _____ () C:\Users\Daniel'sComputer\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 22:09 - 2009-07-13 23:45 - 00409520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 21:52 - 2012-06-22 03:33 - 00000000 ____D () C:\ProgramData\Norton
2015-01-08 21:37 - 2013-05-19 11:38 - 00000000 ____D () C:\Users\Public\Downloads\Norton

==================== Files in the root of some directories =======

2012-08-14 04:28 - 2012-08-14 04:28 - 0007605 _____ () C:\Users\Daniel'sComputer\AppData\Local\Resmon.ResmonCfg
2013-11-20 10:54 - 2013-11-20 10:55 - 0023763 _____ () C:\Users\Daniel'sComputer\AppData\Local\WiDiSetupLog.20131120.105403.wdl

Some content of TEMP:
====================
C:\Users\Daniel'sComputer\AppData\Local\Temp\siinst.exe
C:\Users\Daniel'sComputer\AppData\Local\Temp\strings.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-11 13:14

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Daniel'sComputer at 2015-01-20 12:48:56
Running from C:\Users\Daniel'sComputer\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
ALOT Appbar (HKLM-x32\...\alotAppbar) (Version: - ALOT) <==== ATTENTION
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}) (Version: 3.0.9391 - K-NFB Reading Technology, Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5010 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DefaultTab Chrome (HKLM-x32\...\DefaultTab Chrome) (Version: 1.1.14 - Search Results, LLC) <==== ATTENTION
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}) (Version: 5.1.3 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Genieo (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\genieo) (Version: 1.0.412 - Genieo Innovation Ltd.)
Gephi 0.8.2 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: - Gephi)
Google Chrome (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{DF2D7B73-3E53-4241-B6B5-64D8344AEF6B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{42719DC3-4982-47DD-B025-B21C4BDD504D}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass PE (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel(R) Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
OBRONA BlockAds (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\ObronaBlockAds) (Version: 1.1.31 - OBRONA BlockAds / Red Sky LLC) <==== ATTENTION
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.2.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VIP Access SDK (1.1.0.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.4 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

20-12-2014 12:59:03 Windows Update
10-01-2015 11:51:52 Windows Update
10-01-2015 17:05:52 Removed TuneUp Utilities 2014
10-01-2015 17:06:53 Removed TuneUp Utilities 2014 (en-US)
10-01-2015 17:12:24 Windows Update
10-01-2015 17:21:39 Removed MSXML 4.0 SP2 (KB973688)
10-01-2015 17:22:52 Removed MSXML 4.0 SP2 (KB954430)
10-01-2015 17:51:54 Removed MSXML4 Parser
15-01-2015 12:59:48 Windows Update
19-01-2015 10:52:59 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {082ADDB1-276B-45A8-9036-B3F90ACECBEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {180C8B28-B52B-476A-8C3B-7D35C09E8F03} - System32\Tasks\HPCeeScheduleForDaniel'sComputer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1F67EFB8-9BF8-4BB4-BFC2-DE9DEDDA7F1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14] (Google Inc.)
Task: {21D0B8BD-D4B6-4323-B4FD-CA43099223F9} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2011-07-12] (Absolute Software)
Task: {2EAADA8A-53F4-4D6C-904E-F1FF33A23288} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14] (Google Inc.)
Task: {3A6511A8-9A93-45F4-B629-38F7988C6DB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {3D2B7924-3055-4EB2-A016-68FA8E370A91} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-10] (CyberLink)
Task: {411AE6CF-BFB3-489B-B206-8913C57A6A43} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5A745ACC-C095-41C0-BDCC-1F779E20277A} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.exe <==== ATTENTION
Task: {7430CB6A-BCDE-4DAB-B658-929F80B23098} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-25] (globalUpdate) <==== ATTENTION
Task: {77A5A260-2EBF-4E62-AE13-DA1503CD2D74} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-25] (globalUpdate) <==== ATTENTION
Task: {79333076-6D06-445F-A346-4CBC82DC2159} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {7B18FB34-C56E-4DEA-BF70-58C9F957031D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {917A416A-00DA-4DD2-BBE4-6AE029B601C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {97110AFF-1D71-4C5E-9AE0-709696AC3859} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {98714AFE-63DB-42E6-8892-19BC4CBC692D} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: {ADB3215C-2D42-4E7D-80EA-8E973A621446} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3141508201-2490937371-110901077-1000
Task: {AF1D68AF-6595-4205-A2E2-A2D04992CE0B} - System32\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: {AFCA60F2-D2C4-46D1-A751-71DFB555178E} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1 => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== ATTENTION
Task: {BE48CB31-C0D2-4624-8E57-907E98B8D988} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: {D49AF548-DE5C-408C-B98B-5A6B74A07559} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.exe <==== ATTENTION
Task: {D5E36B65-FC18-4FE1-89E1-025F73D23B19} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: {DA1FD350-AEBE-4EA3-9A77-F20AB7405838} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.exe <==== ATTENTION
Task: {DED86BF7-39F4-4266-95BC-1639F669A8CF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EC32BE6B-D8FF-40DD-B03C-84ADB1C2A01E} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.exe <==== ATTENTION
Task: {FE82CFE6-B585-4783-BA42-D7773C87D30C} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.exe <==== ATTENTION
Task: {FF80C31D-92BD-4674-9CC9-9DC82B8806F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1.job => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.exe/agentregpath='videos MediaPlay-Air-nv' /appid=61799 /srcid='001673' /subid='verticals-ads,intext,pops,shopping' /zdata='0' /bic=85FA61F2EADB42B4863C9896BCA7AECAIE /verifier=f9b8669541a13ccc39c8beaee712b74a /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409020470 /statsdomain=[URL]http://stats.loadclientinputsrv.com[/URL] /errorsdomain=[URL]http://errors.loadclientinputsrv.com[/URL] /codedownloaddomain=[URL]http://js.loadclientinputsrv.com[/URL] /defbro=ch /DllName32ToInjectToChrome='6303bd85-27d3-4a05-b467-afcc981aa290.dll' /DllName64ToInjectToChrome='86cc3807-c595-48eb-9fac-f1e938528824.dll' /nova64bitexe='5ace53e0-2407-4b4a-b916-78d25ab235cb-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.exeÙ/updateapp /agentregpath='videos MediaPlay-Air-nv' /appid=61799 /srcid='001673' /subid='verticals-ads,intext,pops,shopping' /zdata='0' /bic=85FA61F2EADB42B4863C9896BCA7AECAIE /verifier=f9b8669541a13ccc39c8beaee712b74a /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409020470 /statsdomain=[URL]http://stats.loadclientinputsrv.com[/URL] /errorsdomain=[URL]http://errors.loadclientinputsrv.com[/URL] /codedownloaddomain=[URL]http://js.loadclientinputsrv.com[/URL] /defbro=ch /DllName32ToInjectToChrome='6303bd85-27d3-4a05-b467-afcc981aa290.dll' /DllName64ToInjectToChrome='86cc3807-c595-48eb-9fac-f1e938528824.dll' /nova64bitexe='5ace53e0-2407-4b4a-b916-78d25ab235cb-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core.job => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA.job => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDaniel'sComputer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-09-13 09:24 - 2010-10-14 09:05 - 00290816 _____ () C:\Windows\System32\HP1100LM.DLL
2012-09-13 09:25 - 2010-10-14 09:05 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-09 18:26 - 2012-02-09 18:26 - 00133632 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 18:26 - 2012-02-09 18:26 - 00048128 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 18:26 - 2012-02-09 18:26 - 00036864 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetDetect.dll
2013-02-07 08:19 - 2013-02-07 08:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2011-12-20 01:34 - 2011-12-20 01:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2012-02-15 04:53 - 2012-02-15 04:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-14 08:00 - 2014-10-14 08:00 - 00008192 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe
2014-10-08 08:03 - 2014-10-08 08:03 - 00879104 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\platforms\qwindows.dll
2014-10-08 08:01 - 2014-10-08 08:01 - 00021504 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\imageformats\qgif.dll
2014-10-25 11:42 - 2014-10-25 11:42 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-06-22 03:23 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-06-22 03:27 - 2012-10-30 18:12 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 01077064 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 00211272 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 01677128 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 14913352 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 09009480 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3141508201-2490937371-110901077-500 - Administrator - Disabled)
Daniel'sComputer (S-1-5-21-3141508201-2490937371-110901077-1000 - Administrator - Enabled) => C:\Users\Daniel'sComputer
Guest (S-1-5-21-3141508201-2490937371-110901077-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3141508201-2490937371-110901077-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 00:20:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.

Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2

Error: (01/19/2015 11:34:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.

Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2

Error: (01/16/2015 05:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.

Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2

Error: (01/16/2015 05:07:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/20/2015 00:20:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (01/20/2015 00:19:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/19/2015 11:34:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (01/16/2015 05:08:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (01/16/2015 05:07:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (01/16/2015 05:06:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/16/2015 00:30:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (01/16/2015 00:30:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:39:03 PM on 1/15/2015 was unexpected.

Error: (01/15/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (01/12/2015 00:44:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Microsoft Office Sessions:
=========================
Error: (01/20/2015 00:20:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.

Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2

Error: (01/19/2015 11:34:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.

Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2

Error: (01/16/2015 05:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.

Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2

Error: (01/16/2015 05:07:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 58%
Total physical RAM: 3998.31 MB
Available physical RAM: 1667.25 MB
Total Pagefile: 7994.8 MB
Available Pagefile: 5252.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.1 GB) (Free:363.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.35 GB) (Free:2.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F74225FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: E2030C0D)
Partition 1: (Not Active) - (Size=4 GB) - (Type=84)

==================== End Of Log ============================
[/QUOTE]