Obrona Ads, Ads by Sasa, etc
- Thread starter Dangrnwd
- Start date
- Apr 24, 2014
- 3,395
Helllo,
My name is Argus and and I will be helping you with your computer problems.
Before we begin, please note the following:
Download
Malwarebytes Anti-Rootkit to your desktop.
Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
My name is Argus and and I will be helping you with your computer problems.
Before we begin, please note the following:
- I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
- The logs can take some time to research, so please be patient with me.
- Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
- Instructions that I give are for your system only!
- Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
- Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
- Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
Download
- Double-click the icon to start the tool.
- It will ask you where to extract it, then it will start.
- Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
- Click in the introduction screen "next" to continue.
- Click in the following screen "Update" to obtain the latest malware definitions.
- Once the update is complete select "Next" and click "Scan".
- When the scan is finished and no malware has been found select "Exit".
- If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
- Open the MBAR folder and paste the content of the following files in your next reply:
- "mbar-log-{date} (xx-xx-xx).txt"
- "system-log.txt"
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
I've pasted the four files in the order that you requested them.
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
Database version:
main: v2015.01.20.08
rootkit: v2015.01.14.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Daniel'sComputer :: DANIELSCOMPUTER [administrator]
1/20/2015 12:11:09 PM
mbar-log-2015-01-20 (12-11-09).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 343525
Time elapsed: 7 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17501
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4192530432, free: 1768742912
Downloaded database version: v2015.01.19.08
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
01/19/2015 10:30:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\drivers\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSP64.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\Ironx64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMNETS.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150106.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\iusb3xhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\SynTP.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\Smb_driver.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\drivers\ISCTD64.sys
\SystemRoot\system32\drivers\irstrtdv.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\drivers\hswpan.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\iusb3hub.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Users\DANIEL~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150116.001\IDSvia64.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150118.025\EX64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150118.025\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\imm32.dll
\Windows\System32\lpk.dll
\Windows\System32\iertutil.dll
\Windows\System32\oleaut32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\urlmon.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\Wldap32.dll
\Windows\System32\nsi.dll
\Windows\System32\sechost.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800633f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004e88050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800633e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8004e84050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800633e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80061d5aa0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800633e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80061d4a60, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004e84050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F74225FC
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 935546880
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 935956480 Numsec = 40587264
Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 976543744 Numsec = 221184
Disk Size: 500104691712 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800633f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80061d6a30, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800633f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800633e920, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004e88050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E2030C0D
Partition information:
Partition 0 type is Other (0x84)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 8384512
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4294967296 bytes
Sector size: 512 bytes
Done!
File C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf will be destroyed
Infected: C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf --> [PUP.Optional.WebInstr.A]
Infected: HKLM\SOFTWARE\WOW6432NODE\FREESOFTTODAY --> [Adware.EoRezo]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17501
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4192530432, free: 1410981888
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17501
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4192530432, free: 1170419712
Downloaded database version: v2015.01.20.08
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
01/20/2015 12:11:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\drivers\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSP64.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\Ironx64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMNETS.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150106.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\iusb3xhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\SynTP.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\Smb_driver.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\drivers\ISCTD64.sys
\SystemRoot\system32\drivers\irstrtdv.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\drivers\hswpan.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\iusb3hub.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.003\EX64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.003\ENG64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150119.001\IDSvia64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shell32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\kernel32.dll
\Windows\System32\normaliz.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\setupapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\sechost.dll
\Windows\System32\lpk.dll
\Windows\System32\psapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\imagehlp.dll
\Windows\System32\userenv.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
Scan started
Database versions:
main: v2015.01.20.08
rootkit: v2015.01.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006320060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006320b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006320060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80061bdb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004bbc050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F74225FC
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 935546880
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 935956480 Numsec = 40587264
Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 976543744 Numsec = 221184
Disk Size: 500104691712 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006321060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006321b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006321060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80061beb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004bc0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E2030C0D
Partition information:
Partition 0 type is Other (0x84)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 8384512
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4294967296 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Daniel'sComputer (administrator) on DANIELSCOMPUTER on 20-01-2015 12:48:26
Running from C:\Users\Daniel'sComputer\Downloads
Loaded Profiles: Daniel'sComputer (Available profiles: Daniel'sComputer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Vertro Inc.) C:\Users\Daniel'sComputer\AppData\LocalLow\alotservice\alotservice.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(RedSky Sp. z o.o.) C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe
(Spotify Ltd) C:\Users\Daniel'sComputer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-10-30] (IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [fst_us_227] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Google Update] => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-14] (Google Inc.)
HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Obrona Block Ads] => C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe [1509336 2014-10-16] (RedSky Sp. z o.o.)
HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Spotify Web Helper] => C:\Users\Daniel'sComputer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\MountPoints2: {91d8925f-f7b3-11e1-b448-685d43884176} - E:\SISetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3141508201-2490937371-110901077-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3141508201-2490937371-110901077-1000] => http=127.0.0.1:9880
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istart123.com/?type=sc&ts=1409020461&from=tugs&uid=_
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
SearchScopes: HKLM -> {41984860-5C6A-449C-923F-ECDB575133B9} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=Snap...3b-9bde8bedda69&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
SearchScopes: HKLM-x32 -> {41984860-5C6A-449C-923F-ECDB575133B9} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3141508201-2490937371-110901077-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-3141508201-2490937371-110901077-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: videos MediaPlay-Air -> {11111111-1111-1111-1111-110611171199} -> C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-bho64.dll No File
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {964968F9-058C-7826-FFDB-BC48A3C1CDCE} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {964968F9-058C-7826-FFDB-BC48A3C1CDCE} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro, Inc)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 128.192.1.19 128.192.1.193 128.192.1.9
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3141508201-2490937371-110901077-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3141508201-2490937371-110901077-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2015-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-01-20]
FF HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Firefox\Extensions: [{3D8EAB39-F7C9-E23B-E10F-73F55C97D6F3}] - C:\Program Files (x86)\ver6Re-markit\178.xpi
Chrome:
=======
CHR Profile: C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Website Logon) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-08-26]
CHR Extension: (Google Wallet) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-08]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-08]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AlotService; C:\Users\Daniel'sComputer\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-07-11] (Vertro Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-25] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-25] (globalUpdate) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-10-30] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-10-30] (IDT, Inc.) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150119.001\IDSvia64.sys [668888 2015-01-16] (Symantec Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-13] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.023\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.023\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-01] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-20] ()
S3 cpuz134; \??\C:\Users\DANIEL~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 12:47 - 2015-01-20 12:47 - 02126848 _____ (Farbar) C:\Users\Daniel'sComputer\Downloads\FRST64.exe
2015-01-20 12:07 - 2015-01-20 12:08 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Daniel'sComputer\Downloads\mbar-1.08.3.1004.exe
2015-01-19 20:42 - 2015-01-19 20:42 - 00001306 _____ () C:\Users\Daniel'sComputer\Desktop\mbar-1.08.2.1001 - Shortcut.lnk
2015-01-19 20:25 - 2015-01-19 20:38 - 00036301 _____ () C:\Users\Daniel'sComputer\Downloads\Addition.txt
2015-01-19 20:21 - 2015-01-20 12:48 - 00000000 ____D () C:\FRST
2015-01-19 10:30 - 2015-01-20 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 10:30 - 2015-01-20 12:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 10:30 - 2015-01-19 10:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 10:29 - 2015-01-20 12:19 - 00000000 ____D () C:\Users\Daniel'sComputer\Desktop\mbar
2015-01-19 10:29 - 2015-01-20 12:09 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 10:28 - 2015-01-19 10:28 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Daniel'sComputer\Downloads\mbar-1.08.2.1001.exe
2015-01-16 17:50 - 2015-01-20 12:48 - 00028372 _____ () C:\Users\Daniel'sComputer\Downloads\FRST.txt
2015-01-16 17:23 - 2015-01-16 17:36 - 00000156 _____ () C:\Windows\Reimage.ini
2015-01-16 17:22 - 2015-01-16 17:22 - 00775968 _____ (Reimage®) C:\Users\Daniel'sComputer\Downloads\ReimageRepair.exe
2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieUserList
2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieSiteList
2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieBrowserModeList
2015-01-16 16:27 - 2015-01-16 16:27 - 00000000 _____ () C:\autoexec.bat
2015-01-16 16:26 - 2015-01-16 16:26 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Daniel'sComputer\Downloads\SpyHunter-Installer.exe
2015-01-14 12:20 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:20 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:20 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:20 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:20 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:20 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:20 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:20 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:20 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:20 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:20 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:11 - 2015-01-14 12:11 - 00047241 _____ () C:\Users\Daniel'sComputer\Downloads\Topic Workshop 2.pptx
2015-01-12 18:56 - 2015-01-12 18:56 - 00045429 _____ () C:\Users\Daniel'sComputer\Downloads\Chapter5-DemandEstimation.xlsx
2015-01-11 19:42 - 2015-01-11 19:42 - 00056629 _____ () C:\Users\Daniel'sComputer\Downloads\Topic Workshop 1.pptx
2015-01-10 17:50 - 2015-01-10 17:50 - 00000864 _____ () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans.rar - Shortcut.lnk
2015-01-10 17:12 - 2015-01-10 17:12 - 00288946 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-10 16:50 - 2015-01-10 16:50 - 00000000 ____D () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans
2015-01-10 16:48 - 2015-01-10 17:16 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Philipp Winterberg
2015-01-10 16:48 - 2015-01-10 16:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\TuneUp Software
2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\OpenCandy
2015-01-10 16:46 - 2015-01-10 16:46 - 01450496 _____ (Philipp Winterberg) C:\Users\Daniel'sComputer\Downloads\InstallFreeRARExtractFrog.exe
2015-01-10 14:18 - 2015-01-10 15:25 - 417749852 _____ () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans.rar
2015-01-10 11:52 - 2015-01-10 11:52 - 00291460 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-08 22:09 - 2015-01-20 12:20 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-01-08 22:06 - 2015-01-19 12:21 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads
2015-01-08 22:06 - 2015-01-08 22:06 - 00001208 _____ () C:\Users\Daniel'sComputer\Desktop\OBRONA BlockAds.lnk
2015-01-08 22:06 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OBRONA BlockAds
2015-01-08 22:05 - 2015-01-08 22:05 - 353578952 _____ (Microsoft Corporation ) C:\Users\Daniel'sComputer\Downloads\AOMTrial.exe
2015-01-08 21:57 - 2015-01-08 21:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2015-01-08 21:50 - 2015-01-08 21:50 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-01-08 21:50 - 2015-01-08 21:50 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-01-08 21:50 - 2015-01-08 21:50 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-01-08 21:50 - 2015-01-08 21:50 - 00002393 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2015-01-08 21:40 - 2015-01-08 21:40 - 00000000 ____D () C:\ProgramData\PCSettings
2015-01-08 21:37 - 2015-01-08 21:52 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-01-08 21:37 - 2015-01-08 21:42 - 00001310 _____ () C:\Users\Daniel'sComputer\Desktop\Norton Installation Files.lnk
2015-01-08 21:36 - 2015-01-08 21:36 - 01021984 _____ (Symantec Corporation) C:\Users\Daniel'sComputer\Downloads\NortonN360Downloader.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 12:48 - 2012-08-14 16:18 - 103570971 _____ () C:\alotserviceruntime.log
2015-01-20 12:45 - 2012-03-24 21:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 12:41 - 2012-08-13 18:11 - 01433398 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 12:39 - 2012-08-13 18:17 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5880691C-0C46-4652-B3F1-059E055360B6}
2015-01-20 12:34 - 2014-08-25 21:34 - 00002492 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.job
2015-01-20 12:34 - 2009-07-13 23:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 12:34 - 2009-07-13 23:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 12:26 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 12:20 - 2014-08-25 21:35 - 00004178 _____ () C:\Windows\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00002752 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001950 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001856 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001836 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001562 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00004516 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00003834 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00002368 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00000920 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-20 12:20 - 2012-06-22 03:26 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-01-20 12:20 - 2010-11-20 22:47 - 00927974 _____ () C:\Windows\PFRO.log
2015-01-20 12:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 12:20 - 2009-07-13 23:51 - 00068311 _____ () C:\Windows\setupact.log
2015-01-20 12:19 - 2012-10-24 20:41 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Spotify
2015-01-20 12:17 - 2012-08-14 21:12 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core.job
2015-01-20 12:03 - 2014-08-25 21:34 - 00000924 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-20 12:02 - 2012-08-14 21:12 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA.job
2015-01-19 12:45 - 2012-11-06 18:16 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2015-01-19 10:06 - 2013-03-27 15:17 - 00003252 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDaniel'sComputer
2015-01-19 10:06 - 2013-03-27 15:17 - 00000376 _____ () C:\Windows\Tasks\HPCeeScheduleForDaniel'sComputer.job
2015-01-19 10:06 - 2012-10-24 20:41 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Local\Spotify
2015-01-16 17:51 - 2012-08-14 21:13 - 00002430 _____ () C:\Users\Daniel'sComputer\Desktop\Google Chrome.lnk
2015-01-15 13:05 - 2014-02-24 01:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 13:00 - 2014-02-24 01:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:04 - 2012-12-04 20:55 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-13 15:04 - 2012-08-14 15:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-13 13:45 - 2012-03-24 21:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 13:45 - 2012-03-24 21:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 13:45 - 2012-03-24 21:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 17:01 - 2012-08-16 18:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-08 22:09 - 2012-08-14 05:16 - 00109680 _____ () C:\Users\Daniel'sComputer\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 22:09 - 2009-07-13 23:45 - 00409520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 21:52 - 2012-06-22 03:33 - 00000000 ____D () C:\ProgramData\Norton
2015-01-08 21:37 - 2013-05-19 11:38 - 00000000 ____D () C:\Users\Public\Downloads\Norton
==================== Files in the root of some directories =======
2012-08-14 04:28 - 2012-08-14 04:28 - 0007605 _____ () C:\Users\Daniel'sComputer\AppData\Local\Resmon.ResmonCfg
2013-11-20 10:54 - 2013-11-20 10:55 - 0023763 _____ () C:\Users\Daniel'sComputer\AppData\Local\WiDiSetupLog.20131120.105403.wdl
Some content of TEMP:
====================
C:\Users\Daniel'sComputer\AppData\Local\Temp\siinst.exe
C:\Users\Daniel'sComputer\AppData\Local\Temp\strings.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-11 13:14
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Daniel'sComputer at 2015-01-20 12:48:56
Running from C:\Users\Daniel'sComputer\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
ALOT Appbar (HKLM-x32\...\alotAppbar) (Version: - ALOT) <==== ATTENTION
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}) (Version: 3.0.9391 - K-NFB Reading Technology, Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5010 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DefaultTab Chrome (HKLM-x32\...\DefaultTab Chrome) (Version: 1.1.14 - Search Results, LLC) <==== ATTENTION
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}) (Version: 5.1.3 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Genieo (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\genieo) (Version: 1.0.412 - Genieo Innovation Ltd.)
Gephi 0.8.2 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: - Gephi)
Google Chrome (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{DF2D7B73-3E53-4241-B6B5-64D8344AEF6B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{42719DC3-4982-47DD-B025-B21C4BDD504D}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass PE (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel(R) Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
OBRONA BlockAds (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\ObronaBlockAds) (Version: 1.1.31 - OBRONA BlockAds / Red Sky LLC) <==== ATTENTION
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.2.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VIP Access SDK (1.1.0.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.4 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
20-12-2014 12:59:03 Windows Update
10-01-2015 11:51:52 Windows Update
10-01-2015 17:05:52 Removed TuneUp Utilities 2014
10-01-2015 17:06:53 Removed TuneUp Utilities 2014 (en-US)
10-01-2015 17:12:24 Windows Update
10-01-2015 17:21:39 Removed MSXML 4.0 SP2 (KB973688)
10-01-2015 17:22:52 Removed MSXML 4.0 SP2 (KB954430)
10-01-2015 17:51:54 Removed MSXML4 Parser
15-01-2015 12:59:48 Windows Update
19-01-2015 10:52:59 Malwarebytes Anti-Rootkit Restore Point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {082ADDB1-276B-45A8-9036-B3F90ACECBEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {180C8B28-B52B-476A-8C3B-7D35C09E8F03} - System32\Tasks\HPCeeScheduleForDaniel'sComputer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1F67EFB8-9BF8-4BB4-BFC2-DE9DEDDA7F1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14] (Google Inc.)
Task: {21D0B8BD-D4B6-4323-B4FD-CA43099223F9} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2011-07-12] (Absolute Software)
Task: {2EAADA8A-53F4-4D6C-904E-F1FF33A23288} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14] (Google Inc.)
Task: {3A6511A8-9A93-45F4-B629-38F7988C6DB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {3D2B7924-3055-4EB2-A016-68FA8E370A91} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-10] (CyberLink)
Task: {411AE6CF-BFB3-489B-B206-8913C57A6A43} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5A745ACC-C095-41C0-BDCC-1F779E20277A} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.exe <==== ATTENTION
Task: {7430CB6A-BCDE-4DAB-B658-929F80B23098} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-25] (globalUpdate) <==== ATTENTION
Task: {77A5A260-2EBF-4E62-AE13-DA1503CD2D74} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-25] (globalUpdate) <==== ATTENTION
Task: {79333076-6D06-445F-A346-4CBC82DC2159} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {7B18FB34-C56E-4DEA-BF70-58C9F957031D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {917A416A-00DA-4DD2-BBE4-6AE029B601C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {97110AFF-1D71-4C5E-9AE0-709696AC3859} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {98714AFE-63DB-42E6-8892-19BC4CBC692D} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: {ADB3215C-2D42-4E7D-80EA-8E973A621446} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3141508201-2490937371-110901077-1000
Task: {AF1D68AF-6595-4205-A2E2-A2D04992CE0B} - System32\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: {AFCA60F2-D2C4-46D1-A751-71DFB555178E} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1 => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== ATTENTION
Task: {BE48CB31-C0D2-4624-8E57-907E98B8D988} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: {D49AF548-DE5C-408C-B98B-5A6B74A07559} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.exe <==== ATTENTION
Task: {D5E36B65-FC18-4FE1-89E1-025F73D23B19} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: {DA1FD350-AEBE-4EA3-9A77-F20AB7405838} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.exe <==== ATTENTION
Task: {DED86BF7-39F4-4266-95BC-1639F669A8CF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EC32BE6B-D8FF-40DD-B03C-84ADB1C2A01E} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.exe <==== ATTENTION
Task: {FE82CFE6-B585-4783-BA42-D7773C87D30C} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.exe <==== ATTENTION
Task: {FF80C31D-92BD-4674-9CC9-9DC82B8806F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1.job => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.exe/agentregpath='videos MediaPlay-Air-nv' /appid=61799 /srcid='001673' /subid='verticals-ads,intext,pops,shopping' /zdata='0' /bic=85FA61F2EADB42B4863C9896BCA7AECAIE /verifier=f9b8669541a13ccc39c8beaee712b74a /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409020470 /statsdomain=http://stats.loadclientinputsrv.com /errorsdomain=http://errors.loadclientinputsrv.com /codedownloaddomain=http://js.loadclientinputsrv.com /defbro=ch /DllName32ToInjectToChrome='6303bd85-27d3-4a05-b467-afcc981aa290.dll' /DllName64ToInjectToChrome='86cc3807-c595-48eb-9fac-f1e938528824.dll' /nova64bitexe='5ace53e0-2407-4b4a-b916-78d25ab235cb-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.exeÙ/updateapp /agentregpath='videos MediaPlay-Air-nv' /appid=61799 /srcid='001673' /subid='verticals-ads,intext,pops,shopping' /zdata='0' /bic=85FA61F2EADB42B4863C9896BCA7AECAIE /verifier=f9b8669541a13ccc39c8beaee712b74a /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409020470 /statsdomain=http://stats.loadclientinputsrv.com /errorsdomain=http://errors.loadclientinputsrv.com /codedownloaddomain=http://js.loadclientinputsrv.com /defbro=ch /DllName32ToInjectToChrome='6303bd85-27d3-4a05-b467-afcc981aa290.dll' /DllName64ToInjectToChrome='86cc3807-c595-48eb-9fac-f1e938528824.dll' /nova64bitexe='5ace53e0-2407-4b4a-b916-78d25ab235cb-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core.job => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA.job => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDaniel'sComputer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2012-09-13 09:24 - 2010-10-14 09:05 - 00290816 _____ () C:\Windows\System32\HP1100LM.DLL
2012-09-13 09:25 - 2010-10-14 09:05 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-09 18:26 - 2012-02-09 18:26 - 00133632 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 18:26 - 2012-02-09 18:26 - 00048128 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 18:26 - 2012-02-09 18:26 - 00036864 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetDetect.dll
2013-02-07 08:19 - 2013-02-07 08:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2011-12-20 01:34 - 2011-12-20 01:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2012-02-15 04:53 - 2012-02-15 04:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-14 08:00 - 2014-10-14 08:00 - 00008192 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe
2014-10-08 08:03 - 2014-10-08 08:03 - 00879104 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\platforms\qwindows.dll
2014-10-08 08:01 - 2014-10-08 08:01 - 00021504 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\imageformats\qgif.dll
2014-10-25 11:42 - 2014-10-25 11:42 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-06-22 03:23 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-06-22 03:27 - 2012-10-30 18:12 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 01077064 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 00211272 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 01677128 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 14913352 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 09009480 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3141508201-2490937371-110901077-500 - Administrator - Disabled)
Daniel'sComputer (S-1-5-21-3141508201-2490937371-110901077-1000 - Administrator - Enabled) => C:\Users\Daniel'sComputer
Guest (S-1-5-21-3141508201-2490937371-110901077-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3141508201-2490937371-110901077-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/20/2015 00:20:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/19/2015 11:34:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/16/2015 05:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/16/2015 05:07:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/20/2015 00:20:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/20/2015 00:19:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (01/19/2015 11:34:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/16/2015 05:08:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/16/2015 05:07:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/16/2015 05:06:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (01/16/2015 00:30:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/16/2015 00:30:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:39:03 PM on 1/15/2015 was unexpected.
Error: (01/15/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/12/2015 00:44:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
Microsoft Office Sessions:
=========================
Error: (01/20/2015 00:20:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/19/2015 11:34:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/16/2015 05:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/16/2015 05:07:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 58%
Total physical RAM: 3998.31 MB
Available physical RAM: 1667.25 MB
Total Pagefile: 7994.8 MB
Available Pagefile: 5252.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:446.1 GB) (Free:363.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.35 GB) (Free:2.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F74225FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: E2030C0D)
Partition 1: (Not Active) - (Size=4 GB) - (Type=84)
==================== End Of Log ============================
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
Database version:
main: v2015.01.20.08
rootkit: v2015.01.14.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Daniel'sComputer :: DANIELSCOMPUTER [administrator]
1/20/2015 12:11:09 PM
mbar-log-2015-01-20 (12-11-09).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 343525
Time elapsed: 7 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17501
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4192530432, free: 1768742912
Downloaded database version: v2015.01.19.08
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
01/19/2015 10:30:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\drivers\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSP64.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\Ironx64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMNETS.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150106.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\iusb3xhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\SynTP.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\Smb_driver.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\drivers\ISCTD64.sys
\SystemRoot\system32\drivers\irstrtdv.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\drivers\hswpan.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\iusb3hub.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Users\DANIEL~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150116.001\IDSvia64.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150118.025\EX64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150118.025\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\imm32.dll
\Windows\System32\lpk.dll
\Windows\System32\iertutil.dll
\Windows\System32\oleaut32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\urlmon.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\Wldap32.dll
\Windows\System32\nsi.dll
\Windows\System32\sechost.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800633f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004e88050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800633e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8004e84050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800633e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80061d5aa0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800633e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80061d4a60, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004e84050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F74225FC
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 935546880
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 935956480 Numsec = 40587264
Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 976543744 Numsec = 221184
Disk Size: 500104691712 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800633f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80061d6a30, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800633f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800633e920, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004e88050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E2030C0D
Partition information:
Partition 0 type is Other (0x84)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 8384512
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4294967296 bytes
Sector size: 512 bytes
Done!
File C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf will be destroyed
Infected: C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf --> [PUP.Optional.WebInstr.A]
Infected: HKLM\SOFTWARE\WOW6432NODE\FREESOFTTODAY --> [Adware.EoRezo]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17501
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4192530432, free: 1410981888
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17501
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4192530432, free: 1170419712
Downloaded database version: v2015.01.20.08
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
01/20/2015 12:11:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\drivers\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSP64.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\Ironx64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMNETS.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150106.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\iusb3xhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\SynTP.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\Smb_driver.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\drivers\ISCTD64.sys
\SystemRoot\system32\drivers\irstrtdv.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\drivers\hswpan.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\iusb3hub.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.003\EX64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.003\ENG64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150119.001\IDSvia64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shell32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\kernel32.dll
\Windows\System32\normaliz.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\setupapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\sechost.dll
\Windows\System32\lpk.dll
\Windows\System32\psapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\imagehlp.dll
\Windows\System32\userenv.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
Scan started
Database versions:
main: v2015.01.20.08
rootkit: v2015.01.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006320060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006320b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006320060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80061bdb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004bbc050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F74225FC
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 935546880
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 935956480 Numsec = 40587264
Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 976543744 Numsec = 221184
Disk Size: 500104691712 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006321060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006321b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006321060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80061beb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004bc0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E2030C0D
Partition information:
Partition 0 type is Other (0x84)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 8384512
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4294967296 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Daniel'sComputer (administrator) on DANIELSCOMPUTER on 20-01-2015 12:48:26
Running from C:\Users\Daniel'sComputer\Downloads
Loaded Profiles: Daniel'sComputer (Available profiles: Daniel'sComputer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Vertro Inc.) C:\Users\Daniel'sComputer\AppData\LocalLow\alotservice\alotservice.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(RedSky Sp. z o.o.) C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe
(Spotify Ltd) C:\Users\Daniel'sComputer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-10-30] (IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [fst_us_227] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Google Update] => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-14] (Google Inc.)
HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Obrona Block Ads] => C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe [1509336 2014-10-16] (RedSky Sp. z o.o.)
HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Run: [Spotify Web Helper] => C:\Users\Daniel'sComputer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\MountPoints2: {91d8925f-f7b3-11e1-b448-685d43884176} - E:\SISetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3141508201-2490937371-110901077-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3141508201-2490937371-110901077-1000] => http=127.0.0.1:9880
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1409020461&from=tugs&uid=_
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istart123.com/?type=sc&ts=1409020461&from=tugs&uid=_
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
SearchScopes: HKLM -> {41984860-5C6A-449C-923F-ECDB575133B9} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=Snap...3b-9bde8bedda69&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1409020461&from=tugs&uid=_&q={searchTerms}
SearchScopes: HKLM-x32 -> {41984860-5C6A-449C-923F-ECDB575133B9} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3141508201-2490937371-110901077-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-3141508201-2490937371-110901077-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: videos MediaPlay-Air -> {11111111-1111-1111-1111-110611171199} -> C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-bho64.dll No File
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {964968F9-058C-7826-FFDB-BC48A3C1CDCE} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {964968F9-058C-7826-FFDB-BC48A3C1CDCE} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro, Inc)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 128.192.1.19 128.192.1.193 128.192.1.9
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3141508201-2490937371-110901077-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3141508201-2490937371-110901077-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2015-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-01-20]
FF HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Firefox\Extensions: [{3D8EAB39-F7C9-E23B-E10F-73F55C97D6F3}] - C:\Program Files (x86)\ver6Re-markit\178.xpi
Chrome:
=======
CHR Profile: C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Website Logon) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-08-26]
CHR Extension: (Google Wallet) - C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-08]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-08]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AlotService; C:\Users\Daniel'sComputer\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-07-11] (Vertro Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-25] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-25] (globalUpdate) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-10-30] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-10-30] (IDT, Inc.) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150119.001\IDSvia64.sys [668888 2015-01-16] (Symantec Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-13] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.023\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150119.023\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-01] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-20] ()
S3 cpuz134; \??\C:\Users\DANIEL~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 12:47 - 2015-01-20 12:47 - 02126848 _____ (Farbar) C:\Users\Daniel'sComputer\Downloads\FRST64.exe
2015-01-20 12:07 - 2015-01-20 12:08 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Daniel'sComputer\Downloads\mbar-1.08.3.1004.exe
2015-01-19 20:42 - 2015-01-19 20:42 - 00001306 _____ () C:\Users\Daniel'sComputer\Desktop\mbar-1.08.2.1001 - Shortcut.lnk
2015-01-19 20:25 - 2015-01-19 20:38 - 00036301 _____ () C:\Users\Daniel'sComputer\Downloads\Addition.txt
2015-01-19 20:21 - 2015-01-20 12:48 - 00000000 ____D () C:\FRST
2015-01-19 10:30 - 2015-01-20 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 10:30 - 2015-01-20 12:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 10:30 - 2015-01-19 10:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 10:29 - 2015-01-20 12:19 - 00000000 ____D () C:\Users\Daniel'sComputer\Desktop\mbar
2015-01-19 10:29 - 2015-01-20 12:09 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 10:28 - 2015-01-19 10:28 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Daniel'sComputer\Downloads\mbar-1.08.2.1001.exe
2015-01-16 17:50 - 2015-01-20 12:48 - 00028372 _____ () C:\Users\Daniel'sComputer\Downloads\FRST.txt
2015-01-16 17:23 - 2015-01-16 17:36 - 00000156 _____ () C:\Windows\Reimage.ini
2015-01-16 17:22 - 2015-01-16 17:22 - 00775968 _____ (Reimage®) C:\Users\Daniel'sComputer\Downloads\ReimageRepair.exe
2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieUserList
2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieSiteList
2015-01-16 17:16 - 2015-01-16 17:16 - 00000000 __SHD () C:\Users\Daniel'sComputer\AppData\Local\EmieBrowserModeList
2015-01-16 16:27 - 2015-01-16 16:27 - 00000000 _____ () C:\autoexec.bat
2015-01-16 16:26 - 2015-01-16 16:26 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Daniel'sComputer\Downloads\SpyHunter-Installer.exe
2015-01-14 12:20 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:20 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:20 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:20 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:20 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:20 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:20 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:20 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:20 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:20 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:20 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:11 - 2015-01-14 12:11 - 00047241 _____ () C:\Users\Daniel'sComputer\Downloads\Topic Workshop 2.pptx
2015-01-12 18:56 - 2015-01-12 18:56 - 00045429 _____ () C:\Users\Daniel'sComputer\Downloads\Chapter5-DemandEstimation.xlsx
2015-01-11 19:42 - 2015-01-11 19:42 - 00056629 _____ () C:\Users\Daniel'sComputer\Downloads\Topic Workshop 1.pptx
2015-01-10 17:50 - 2015-01-10 17:50 - 00000864 _____ () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans.rar - Shortcut.lnk
2015-01-10 17:12 - 2015-01-10 17:12 - 00288946 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-10 16:50 - 2015-01-10 16:50 - 00000000 ____D () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans
2015-01-10 16:48 - 2015-01-10 17:16 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Philipp Winterberg
2015-01-10 16:48 - 2015-01-10 16:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\TuneUp Software
2015-01-10 16:48 - 2015-01-10 16:48 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\OpenCandy
2015-01-10 16:46 - 2015-01-10 16:46 - 01450496 _____ (Philipp Winterberg) C:\Users\Daniel'sComputer\Downloads\InstallFreeRARExtractFrog.exe
2015-01-10 14:18 - 2015-01-10 15:25 - 417749852 _____ () C:\Users\Daniel'sComputer\Downloads\Age_of_Mythology_The_Titans.rar
2015-01-10 11:52 - 2015-01-10 11:52 - 00291460 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-08 22:09 - 2015-01-20 12:20 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-01-08 22:06 - 2015-01-19 12:21 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads
2015-01-08 22:06 - 2015-01-08 22:06 - 00001208 _____ () C:\Users\Daniel'sComputer\Desktop\OBRONA BlockAds.lnk
2015-01-08 22:06 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OBRONA BlockAds
2015-01-08 22:05 - 2015-01-08 22:05 - 353578952 _____ (Microsoft Corporation ) C:\Users\Daniel'sComputer\Downloads\AOMTrial.exe
2015-01-08 21:57 - 2015-01-08 21:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2015-01-08 21:50 - 2015-01-08 21:50 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-01-08 21:50 - 2015-01-08 21:50 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-01-08 21:50 - 2015-01-08 21:50 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-01-08 21:50 - 2015-01-08 21:50 - 00002393 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-08 21:50 - 2015-01-08 21:50 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2015-01-08 21:40 - 2015-01-08 21:40 - 00000000 ____D () C:\ProgramData\PCSettings
2015-01-08 21:37 - 2015-01-08 21:52 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-01-08 21:37 - 2015-01-08 21:42 - 00001310 _____ () C:\Users\Daniel'sComputer\Desktop\Norton Installation Files.lnk
2015-01-08 21:36 - 2015-01-08 21:36 - 01021984 _____ (Symantec Corporation) C:\Users\Daniel'sComputer\Downloads\NortonN360Downloader.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 12:48 - 2012-08-14 16:18 - 103570971 _____ () C:\alotserviceruntime.log
2015-01-20 12:45 - 2012-03-24 21:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 12:41 - 2012-08-13 18:11 - 01433398 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 12:39 - 2012-08-13 18:17 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5880691C-0C46-4652-B3F1-059E055360B6}
2015-01-20 12:34 - 2014-08-25 21:34 - 00002492 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.job
2015-01-20 12:34 - 2009-07-13 23:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 12:34 - 2009-07-13 23:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 12:26 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 12:20 - 2014-08-25 21:35 - 00004178 _____ () C:\Windows\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00002752 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001950 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001856 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001836 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.job
2015-01-20 12:20 - 2014-08-25 21:35 - 00001562 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00004516 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00003834 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00002368 _____ () C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.job
2015-01-20 12:20 - 2014-08-25 21:34 - 00000920 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-20 12:20 - 2012-06-22 03:26 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-01-20 12:20 - 2010-11-20 22:47 - 00927974 _____ () C:\Windows\PFRO.log
2015-01-20 12:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 12:20 - 2009-07-13 23:51 - 00068311 _____ () C:\Windows\setupact.log
2015-01-20 12:19 - 2012-10-24 20:41 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Roaming\Spotify
2015-01-20 12:17 - 2012-08-14 21:12 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core.job
2015-01-20 12:03 - 2014-08-25 21:34 - 00000924 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-20 12:02 - 2012-08-14 21:12 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA.job
2015-01-19 12:45 - 2012-11-06 18:16 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2015-01-19 10:06 - 2013-03-27 15:17 - 00003252 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDaniel'sComputer
2015-01-19 10:06 - 2013-03-27 15:17 - 00000376 _____ () C:\Windows\Tasks\HPCeeScheduleForDaniel'sComputer.job
2015-01-19 10:06 - 2012-10-24 20:41 - 00000000 ____D () C:\Users\Daniel'sComputer\AppData\Local\Spotify
2015-01-16 17:51 - 2012-08-14 21:13 - 00002430 _____ () C:\Users\Daniel'sComputer\Desktop\Google Chrome.lnk
2015-01-15 13:05 - 2014-02-24 01:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 13:00 - 2014-02-24 01:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:04 - 2012-12-04 20:55 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-13 15:04 - 2012-08-14 15:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-13 13:45 - 2012-03-24 21:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 13:45 - 2012-03-24 21:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 13:45 - 2012-03-24 21:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 17:01 - 2012-08-16 18:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-08 22:09 - 2012-08-14 05:16 - 00109680 _____ () C:\Users\Daniel'sComputer\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 22:09 - 2009-07-13 23:45 - 00409520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 21:52 - 2012-06-22 03:33 - 00000000 ____D () C:\ProgramData\Norton
2015-01-08 21:37 - 2013-05-19 11:38 - 00000000 ____D () C:\Users\Public\Downloads\Norton
==================== Files in the root of some directories =======
2012-08-14 04:28 - 2012-08-14 04:28 - 0007605 _____ () C:\Users\Daniel'sComputer\AppData\Local\Resmon.ResmonCfg
2013-11-20 10:54 - 2013-11-20 10:55 - 0023763 _____ () C:\Users\Daniel'sComputer\AppData\Local\WiDiSetupLog.20131120.105403.wdl
Some content of TEMP:
====================
C:\Users\Daniel'sComputer\AppData\Local\Temp\siinst.exe
C:\Users\Daniel'sComputer\AppData\Local\Temp\strings.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-11 13:14
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Daniel'sComputer at 2015-01-20 12:48:56
Running from C:\Users\Daniel'sComputer\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
ALOT Appbar (HKLM-x32\...\alotAppbar) (Version: - ALOT) <==== ATTENTION
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}) (Version: 3.0.9391 - K-NFB Reading Technology, Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5010 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DefaultTab Chrome (HKLM-x32\...\DefaultTab Chrome) (Version: 1.1.14 - Search Results, LLC) <==== ATTENTION
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}) (Version: 5.1.3 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Genieo (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\genieo) (Version: 1.0.412 - Genieo Innovation Ltd.)
Gephi 0.8.2 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: - Gephi)
Google Chrome (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{DF2D7B73-3E53-4241-B6B5-64D8344AEF6B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{42719DC3-4982-47DD-B025-B21C4BDD504D}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass PE (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel(R) Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
OBRONA BlockAds (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\ObronaBlockAds) (Version: 1.1.31 - OBRONA BlockAds / Red Sky LLC) <==== ATTENTION
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3141508201-2490937371-110901077-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.2.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VIP Access SDK (1.1.0.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.4 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3141508201-2490937371-110901077-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daniel'sComputer\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
20-12-2014 12:59:03 Windows Update
10-01-2015 11:51:52 Windows Update
10-01-2015 17:05:52 Removed TuneUp Utilities 2014
10-01-2015 17:06:53 Removed TuneUp Utilities 2014 (en-US)
10-01-2015 17:12:24 Windows Update
10-01-2015 17:21:39 Removed MSXML 4.0 SP2 (KB973688)
10-01-2015 17:22:52 Removed MSXML 4.0 SP2 (KB954430)
10-01-2015 17:51:54 Removed MSXML4 Parser
15-01-2015 12:59:48 Windows Update
19-01-2015 10:52:59 Malwarebytes Anti-Rootkit Restore Point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {082ADDB1-276B-45A8-9036-B3F90ACECBEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {180C8B28-B52B-476A-8C3B-7D35C09E8F03} - System32\Tasks\HPCeeScheduleForDaniel'sComputer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1F67EFB8-9BF8-4BB4-BFC2-DE9DEDDA7F1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14] (Google Inc.)
Task: {21D0B8BD-D4B6-4323-B4FD-CA43099223F9} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2011-07-12] (Absolute Software)
Task: {2EAADA8A-53F4-4D6C-904E-F1FF33A23288} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14] (Google Inc.)
Task: {3A6511A8-9A93-45F4-B629-38F7988C6DB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {3D2B7924-3055-4EB2-A016-68FA8E370A91} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-10] (CyberLink)
Task: {411AE6CF-BFB3-489B-B206-8913C57A6A43} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5A745ACC-C095-41C0-BDCC-1F779E20277A} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.exe <==== ATTENTION
Task: {7430CB6A-BCDE-4DAB-B658-929F80B23098} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-25] (globalUpdate) <==== ATTENTION
Task: {77A5A260-2EBF-4E62-AE13-DA1503CD2D74} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-25] (globalUpdate) <==== ATTENTION
Task: {79333076-6D06-445F-A346-4CBC82DC2159} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {7B18FB34-C56E-4DEA-BF70-58C9F957031D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {917A416A-00DA-4DD2-BBE4-6AE029B601C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {97110AFF-1D71-4C5E-9AE0-709696AC3859} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {98714AFE-63DB-42E6-8892-19BC4CBC692D} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: {ADB3215C-2D42-4E7D-80EA-8E973A621446} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3141508201-2490937371-110901077-1000
Task: {AF1D68AF-6595-4205-A2E2-A2D04992CE0B} - System32\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: {AFCA60F2-D2C4-46D1-A751-71DFB555178E} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1 => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== ATTENTION
Task: {BE48CB31-C0D2-4624-8E57-907E98B8D988} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: {D49AF548-DE5C-408C-B98B-5A6B74A07559} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.exe <==== ATTENTION
Task: {D5E36B65-FC18-4FE1-89E1-025F73D23B19} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: {DA1FD350-AEBE-4EA3-9A77-F20AB7405838} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.exe <==== ATTENTION
Task: {DED86BF7-39F4-4266-95BC-1639F669A8CF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EC32BE6B-D8FF-40DD-B03C-84ADB1C2A01E} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.exe <==== ATTENTION
Task: {FE82CFE6-B585-4783-BA42-D7773C87D30C} - System32\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3 => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.exe <==== ATTENTION
Task: {FF80C31D-92BD-4674-9CC9-9DC82B8806F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\0ffd1c89-9add-4d9c-a058-5dce671bf539.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-1.job => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-5_user.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-6.exe/agentregpath='videos MediaPlay-Air-nv' /appid=61799 /srcid='001673' /subid='verticals-ads,intext,pops,shopping' /zdata='0' /bic=85FA61F2EADB42B4863C9896BCA7AECAIE /verifier=f9b8669541a13ccc39c8beaee712b74a /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409020470 /statsdomain=http://stats.loadclientinputsrv.com /errorsdomain=http://errors.loadclientinputsrv.com /codedownloaddomain=http://js.loadclientinputsrv.com /defbro=ch /DllName32ToInjectToChrome='6303bd85-27d3-4a05-b467-afcc981aa290.dll' /DllName64ToInjectToChrome='86cc3807-c595-48eb-9fac-f1e938528824.dll' /nova64bitexe='5ace53e0-2407-4b4a-b916-78d25ab235cb-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.job => C:\Program Files (x86)\videos MediaPlay-Air\5ace53e0-2407-4b4a-b916-78d25ab235cb-7.exeÙ/updateapp /agentregpath='videos MediaPlay-Air-nv' /appid=61799 /srcid='001673' /subid='verticals-ads,intext,pops,shopping' /zdata='0' /bic=85FA61F2EADB42B4863C9896BCA7AECAIE /verifier=f9b8669541a13ccc39c8beaee712b74a /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409020470 /statsdomain=http://stats.loadclientinputsrv.com /errorsdomain=http://errors.loadclientinputsrv.com /codedownloaddomain=http://js.loadclientinputsrv.com /defbro=ch /DllName32ToInjectToChrome='6303bd85-27d3-4a05-b467-afcc981aa290.dll' /DllName64ToInjectToChrome='86cc3807-c595-48eb-9fac-f1e938528824.dll' /nova64bitexe='5ace53e0-2407-4b4a-b916-78d25ab235cb-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000Core.job => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141508201-2490937371-110901077-1000UA.job => C:\Users\Daniel'sComputer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDaniel'sComputer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2012-09-13 09:24 - 2010-10-14 09:05 - 00290816 _____ () C:\Windows\System32\HP1100LM.DLL
2012-09-13 09:25 - 2010-10-14 09:05 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-09 18:26 - 2012-02-09 18:26 - 00133632 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 18:26 - 2012-02-09 18:26 - 00048128 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 18:26 - 2012-02-09 18:26 - 00036864 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetDetect.dll
2013-02-07 08:19 - 2013-02-07 08:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2011-12-20 01:34 - 2011-12-20 01:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2012-02-15 04:53 - 2012-02-15 04:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-14 08:00 - 2014-10-14 08:00 - 00008192 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe
2014-10-08 08:03 - 2014-10-08 08:03 - 00879104 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\platforms\qwindows.dll
2014-10-08 08:01 - 2014-10-08 08:01 - 00021504 _____ () C:\Users\Daniel'sComputer\AppData\Local\Obrona Block Ads\imageformats\qgif.dll
2014-10-25 11:42 - 2014-10-25 11:42 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-06-22 03:23 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-06-22 03:27 - 2012-10-30 18:12 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 01077064 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 00211272 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 01677128 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 14913352 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
2015-01-16 17:50 - 2015-01-08 19:35 - 09009480 _____ () C:\Users\Daniel'sComputer\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3141508201-2490937371-110901077-500 - Administrator - Disabled)
Daniel'sComputer (S-1-5-21-3141508201-2490937371-110901077-1000 - Administrator - Enabled) => C:\Users\Daniel'sComputer
Guest (S-1-5-21-3141508201-2490937371-110901077-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3141508201-2490937371-110901077-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/20/2015 00:20:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/19/2015 11:34:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/16/2015 05:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/16/2015 05:07:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/20/2015 00:20:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/20/2015 00:19:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (01/19/2015 11:34:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/16/2015 05:08:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/16/2015 05:07:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/16/2015 05:06:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (01/16/2015 00:30:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/16/2015 00:30:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:39:03 PM on 1/15/2015 was unexpected.
Error: (01/15/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/12/2015 00:44:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
Microsoft Office Sessions:
=========================
Error: (01/20/2015 00:20:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/20/2015 00:20:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/19/2015 11:34:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/19/2015 11:34:41 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/16/2015 05:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource Failed to set max wake duration, error=0.
Error: (01/16/2015 05:08:56 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/16/2015 05:07:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 58%
Total physical RAM: 3998.31 MB
Available physical RAM: 1667.25 MB
Total Pagefile: 7994.8 MB
Available Pagefile: 5252.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:446.1 GB) (Free:363.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.35 GB) (Free:2.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F74225FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: E2030C0D)
Partition 1: (Not Active) - (Size=4 GB) - (Type=84)
==================== End Of Log ============================
- Apr 24, 2014
- 3,395
Okay,
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Please attach it to your reply.
Fix with AdwCleaner
Please download AdwCleaner by Xplode and save the file to your desktop.
Please include the contents of that file in your reply.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
Please download AdwCleaner by Xplode and save the file to your desktop.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Follow the prompts and click Scan.
- When finished, please click Clean.
- Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
Please include the contents of that file in your reply.
Similar threads
- Locked