Solved Windows 8.1 homepage hijacked

Discussion in 'Malware and Virus Removal Archive' started by sallnjackn, 2015/04/13.

  1. 2015/04/13
    sallnjackn Well-Known Member Thread Starter

    [Solved] Windows 8.1 homepage hijacked

    Windows 8.1 homepage hijacked to Yahoo. Have run Security Essentials, Malwarebytes and Hitman Pro. Found nothing. Thanks for your help!

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
    Ran by JackandSallie (administrator) on JACKPC on 13-04-2015 14:34:40
    Running from C:\Users\JackandSallie\Pictures\Downloads
    Loaded Profiles: JackandSallie (Available profiles: JackandSallie)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
    (Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\ib\olycamdetect.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (FOMINE SOFTWARE) C:\Program Files (x86)\Fomine Net Send GUI\NetSendGUI.exe
    (Microsoft Corporation) C:\Program Files (x86)\MSWorks\Calendar\WKCALREM.EXE
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Trend Micro Inc.) C:\Users\JackandSallie\Pictures\Downloads\HijackThis.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [BFHP] => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\Run: [Olympus ib] => C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [93376 2010-02-04] (OLYMPUS IMAGING CORP.)
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\MountPoints2: {d3406ccc-8145-11e4-bf21-10604b67584d} - "J:\LenovoUsbDriver_autorun_1.0.8.exe"
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Net Send GUI.lnk
    ShortcutTarget: Net Send GUI.lnk -> C:\Program Files (x86)\Fomine Net Send GUI\NetSendGUI.exe (FOMINE SOFTWARE)
    Startup: C:\Users\JackandSallie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files (x86)\MSWorks\Calendar\WKCALREM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-3197496165-2814395380-2150283531-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3197496165-2814395380-2150283531-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=befhp&type=iehp-3.18-1504
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://my.earthlink.net/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {D187DD83-F917-491F-9FD2-CDED3E4EEEC6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {D187DD83-F917-491F-9FD2-CDED3E4EEEC6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-09] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-09] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-11-16] (Belarc, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1 75.75.76.76 75.75.75.75
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792
    FF NewTab: https://www.yahoo.com/?fr=befhp&type=ffhp-3.18-1504
    FF DefaultSearchEngine: Yahoo Search
    FF DefaultSearchEngine.US: Google
    FF SelectedSearchEngine: Yahoo Search
    FF Homepage: https://www.yahoo.com/?fr=befhp&type=ffhp-3.18-1504
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-09] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll [2015-01-31] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\user.js [2014-08-19]
    FF SearchPlugin: C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\searchplugins\yahoo-search.xml [2015-04-08]
    FF Extension: Ant Video Downloader - C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\anttoolbar@ant.com [2015-04-03]
    FF Extension: BeFrugal Coupons Add-On - C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\shopcbtoolbar@befrugal.com [2015-04-08]
    FF Extension: WOT - C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-26]
    FF Extension: Antmark extensions - C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\antmark@ant.com.xpi [2014-09-25]
    FF Extension: Adblock Plus - C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-25]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-01-07] (Digital Market Research Apps Pty Ltd) [File not signed]
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-03-19] (WildTangent)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
    R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-01-07] (Digital Market Research Apps Pty Ltd) [File not signed]
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-23] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-13 14:34 - 2015-04-13 14:34 - 00000000 ____D () C:\FRST
    2015-04-13 14:21 - 2015-04-13 14:21 - 00000000 ____D () C:\Users\JackandSallie\Documents\windows bbs
    2015-04-13 12:32 - 2015-04-13 12:32 - 00010691 _____ () C:\Users\JackandSallie\Documents\hijackthis 04 13 2015.log
    2015-04-13 11:33 - 2015-04-13 11:55 - 00000000 ____D () C:\Users\JackandSallie\Documents\MOLD REMOVER
    2015-04-10 10:36 - 2015-04-10 10:36 - 00001069 _____ () C:\Users\JackandSallie\Documents\malware bytes 4 10 2015.txt
    2015-04-09 20:52 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
    2015-04-09 20:52 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
    2015-04-09 19:02 - 2015-04-09 19:02 - 00022442 _____ () C:\Users\JackandSallie\Documents\HitmanPro_20150409_1901.log
    2015-04-09 19:00 - 2015-04-09 19:00 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
    2015-04-09 18:16 - 2015-04-09 19:00 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-04-09 10:51 - 2015-04-10 10:22 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-04-09 10:51 - 2015-04-09 10:51 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-04-09 10:51 - 2015-04-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-09 10:51 - 2015-04-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-04-09 10:51 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-04-09 10:51 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-04-09 10:51 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-04-09 10:20 - 2015-04-09 10:20 - 00000049 _____ () C:\Users\JackandSallie\Documents\malware bytes 4 9 2015.txt
    2015-04-06 21:13 - 2013-01-31 14:51 - 00000959 _____ () C:\Users\JackandSallie\Desktop\Pretty Good Solitaire 2k - Copy (2).lnk
    2015-04-04 10:00 - 2015-04-04 10:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
    2015-04-04 10:00 - 2015-04-04 10:00 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
    2015-03-23 08:42 - 2015-04-04 21:25 - 00000000 ____D () C:\Users\JackandSallie\Documents\Garage Sale

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-13 14:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-04-13 13:48 - 2013-02-08 08:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-04-13 13:18 - 2013-10-23 01:02 - 01173331 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-04-13 10:40 - 2013-01-31 14:15 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F841D55A-3055-40AA-A7EC-4D2B76B9ECC3}
    2015-04-13 08:03 - 2013-10-23 09:32 - 00000000 __RDO () C:\Users\JackandSallie\SkyDrive
    2015-04-13 07:59 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-04-13 07:59 - 2013-02-07 10:00 - 00000501 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2015-04-11 10:08 - 2013-12-17 11:14 - 00003208 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJackandSallie
    2015-04-11 10:08 - 2013-12-17 11:14 - 00000378 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJackandSallie.job
    2015-04-11 07:21 - 2013-01-31 14:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3197496165-2814395380-2150283531-1001
    2015-04-09 21:01 - 2013-09-29 23:04 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-04-09 20:55 - 2013-09-29 22:55 - 00039926 _____ () C:\WINDOWS\PFRO.log
    2015-04-09 20:55 - 2013-08-22 09:46 - 00318709 _____ () C:\WINDOWS\setupact.log
    2015-04-09 20:55 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-04-09 20:55 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-04-09 20:53 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-04-09 20:19 - 2015-01-23 23:33 - 00000000 ____D () C:\Users\JackandSallie\Documents\Nibbler 2015
    2015-04-09 10:34 - 2013-01-31 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-07 10:08 - 2013-02-01 18:37 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2015-04-05 09:32 - 2014-07-22 22:04 - 00000000 ___HD () C:\Program Files (x86)\Mozilla Firefox
    2015-04-01 20:40 - 2013-09-21 09:54 - 03225618 _____ () C:\Users\JackandSallie\Downloads\6122479814_092113.zip
    2015-04-01 18:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2015-04-01 09:43 - 2014-07-30 20:56 - 00000000 ____D () C:\Users\JackandSallie\Downloads\Tara
    2015-03-31 10:16 - 2013-10-23 00:52 - 00000000 ____D () C:\Users\JackandSallie
    2015-03-23 15:39 - 2014-01-15 21:41 - 00000000 ____D () C:\Users\JackandSallie\Documents\usaa
    2015-03-19 19:08 - 2013-01-24 15:29 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
    2015-03-17 12:59 - 2013-11-13 20:47 - 00000000 ____D () C:\Users\JackandSallie\AppData\Local\Windows Live
    2015-03-14 21:31 - 2014-03-30 16:25 - 00000000 ____D () C:\Users\JackandSallie\Documents\Nibbler 2014

    ==================== Files in the root of some directories =======

    2014-08-24 10:20 - 2014-09-25 09:20 - 0000085 _____ () C:\Users\JackandSallie\AppData\Roaming\WB.CFG
    2013-02-08 20:11 - 2013-03-09 12:43 - 0007619 _____ () C:\Users\JackandSallie\AppData\Local\Resmon.ResmonCfg
    2014-05-03 18:46 - 2014-05-03 18:51 - 0000367 _____ () C:\ProgramData\hpzinstall.log
    2013-01-31 14:14 - 2013-01-31 14:14 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some content of TEMP:
    ====================
    C:\Users\JackandSallie\AppData\Local\Temp\sp64126.exe
    C:\Users\JackandSallie\AppData\Local\Temp\UninstallHPSA.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-09 23:16

    ==================== End Of Log ============================
     
  2. 2015/04/13
    sallnjackn Well-Known Member Thread Starter

    Next log.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
    Ran by JackandSallie at 2015-04-13 14:35:15
    Running from C:\Users\JackandSallie\Pictures\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AtomTime Pro 3.1d (HKLM-x32\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
    e-Rewards Notify (HKLM-x32\...\{5FC24EB6-6FF2-4073-A108-4D0A4229330C}) (Version: 1.1.0.254 - e-Rewards Opinion Panel)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fomine Net Send GUI (HKLM-x32\...\{1D762243-7FA0-4152-B3B5-A5541C3F0C9E}) (Version: 2.7.0.0 - Fomine Software)
    Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\HPConnectedMusic) (Version: 1.1 (build 37) hp - Meridian Audio Ltd)
    HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works Calendar 1.0 (HKLM-x32\...\Works Calendar) (Version: - )
    Microsoft Works Setup Launcher (HKLM-x32\...\Works99Setup) (Version: - )
    Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    OLYMPUS ib (HKLM-x32\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.1.1404 - OLYMPUS IMAGING CORP.)
    OLYMPUS ib (x32 Version: 1.1.1404 - OLYMPUS IMAGING CORP.) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Pretty Good Solitaire 2k (HKLM-x32\...\Pretty Good Solitaire 2k) (Version: - )
    PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
    Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    22-03-2015 11:49:58 Scheduled Checkpoint
    01-04-2015 16:49:21 Scheduled Checkpoint
    09-04-2015 11:24:35 Scheduled Checkpoint
    09-04-2015 18:58:53 Checkpoint by HitmanPro
    09-04-2015 19:00:31 Checkpoint by HitmanPro

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {10DA01D6-9B14-4239-B940-8E49575AF43F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {14D57A22-7FCA-4A78-B3F3-3143C2745C5C} - System32\Tasks\{B5A0D148-DF54-4463-A479-7112420FFD3F} => pcalua.exe -a "C:\Program Files (x86)\Phantom EFX\ReelDealLive\BattleSlots\battleslots.exe" -d "C:\Program Files (x86)\Phantom EFX\ReelDealLive\BattleSlots\ "
    Task: {2973988C-0E7C-453F-87F0-B8EA0CBFF698} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
    Task: {47CE39E4-E556-494C-881E-78AD638F9D74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {50EC5B0E-6BBA-43B2-AEEA-F7EBFA7DADC5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {57E50CA5-2FC1-4BA7-9AC0-86C21D4B2EA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
    Task: {645AF2E2-928B-4BA6-8B9E-7AEBDC87BC44} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {677962AF-9DCC-40E9-86CD-FAF28F940032} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6A5D1F15-9143-4F9B-9A09-C87278F23106} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
    Task: {7A7F436A-171C-4738-8711-26356604C1A5} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {868AE0DA-F0D3-4B8C-9D8E-7CF8D3643547} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {92473092-0212-4C55-9A68-36F3A7E7554C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {9F2B14B8-7812-4234-8324-5BF80D39148F} - System32\Tasks\HPCeeScheduleForJackandSallie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {B1489CF4-07EC-41A8-B0AA-9708392A1078} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {B87D9DB9-87C9-4F4A-AC4A-7AEF3EB5D09A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13] (Adobe Systems Incorporated)
    Task: {BAA45A32-838B-4E31-807F-A22492F0FA83} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {F91931EE-F323-4FF6-8930-50DC29619874} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
    Task: {FCB1D55B-6AD1-4331-9A70-095B07669320} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForJackandSallie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00094208 _____ () C:\Program Files (x86)\MR APP\MRAPP.Common.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00013824 _____ () C:\Program Files (x86)\MR APP\MRAPP.Scheduler.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00272384 _____ () C:\Program Files (x86)\MR APP\C5.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00080896 _____ () C:\Program Files (x86)\MR APP\MRAPP.UI.Resources.R23.dll
    2013-01-24 15:23 - 2012-07-18 03:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2008-02-25 15:09 - 2008-02-25 15:09 - 00200704 _____ () C:\Program Files (x86)\Fomine Net Send GUI\imclient.dll
    2013-01-24 15:29 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\JackandSallie\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\JackandSallie\Documents\Personal (Web).url:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JackandSallie\Downloads\scan0181.jpg
    DNS Servers: 75.75.76.76 - 75.75.75.75

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "LAN Chat.lnk "
    HKLM\...\StartupApproved\Run: => "iTunesHelper "
    HKLM\...\StartupApproved\Run32: => "Adobe ARM "
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched "
    HKLM\...\StartupApproved\Run32: => "APSDaemon "
    HKLM\...\StartupApproved\Run32: => "BFHP "

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3197496165-2814395380-2150283531-500 - Administrator - Disabled)
    Guest (S-1-5-21-3197496165-2814395380-2150283531-501 - Limited - Disabled)
    JackandSallie (S-1-5-21-3197496165-2814395380-2150283531-1001 - Administrator - Enabled) => C:\Users\JackandSallie

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/13/2015 07:59:07 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

    Error: (04/13/2015 07:59:06 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description:

    Error: (04/13/2015 07:59:06 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8

    Error: (04/13/2015 07:59:06 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: LsaC:\Windows\System32\Secur32.dll8

    Error: (04/13/2015 07:59:06 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: ESENTC:\WINDOWS\system32\esentprf.dll8

    Error: (04/13/2015 07:59:06 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (04/12/2015 05:28:53 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HPConnectedRemoteService.exe, version: 1.0.1218.0, time stamp: 0x5078a573
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
    Exception code: 0xe0434352
    Fault offset: 0x0000000000008b9c
    Faulting process id: 0xcf4
    Faulting application start time: 0xHPConnectedRemoteService.exe0
    Faulting application path: HPConnectedRemoteService.exe1
    Faulting module path: HPConnectedRemoteService.exe2
    Report Id: HPConnectedRemoteService.exe3
    Faulting package full name: HPConnectedRemoteService.exe4
    Faulting package-relative application ID: HPConnectedRemoteService.exe5

    Error: (04/12/2015 05:28:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: HPConnectedRemoteService.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Net.Sockets.SocketException
    Stack:
    at System.Net.Sockets.Socket.EndReceiveFrom(System.IAsyncResult, System.Net.EndPoint ByRef)
    at Mono.Ssdp.MulticastReader.OnAsyncResultReceived(System.IAsyncResult)
    at System.Net.LazyAsyncResult.Complete(IntPtr)
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
    at System.Net.ContextAwareResult.Complete(IntPtr)
    at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
    at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

    Error: (04/12/2015 05:27:12 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

    Error: (04/12/2015 05:27:12 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description:


    System errors:
    =============
    Error: (04/13/2015 08:00:57 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer SALLIE-LAPTOP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DBB363AD-EB1E-4719-A066-8C51A28C90C4}.
    The master browser is stopping or an election is being forced.

    Error: (04/13/2015 07:59:27 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (04/13/2015 07:59:22 AM) (Source: ipnathlp) (EventID: 30013) (User: )
    Description: 192.168.1.100192.168.137.0255.255.255.0

    Error: (04/13/2015 07:59:22 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (04/12/2015 10:24:55 PM) (Source: DCOM) (EventID: 10010) (User: JACKPC)
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (04/12/2015 05:28:58 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer SALLIE-LAPTOP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DBB363AD-EB1E-4719-A066-8C51A28C90C4}.
    The master browser is stopping or an election is being forced.

    Error: (04/12/2015 05:28:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (04/12/2015 05:27:28 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (04/12/2015 05:26:52 AM) (Source: ipnathlp) (EventID: 30013) (User: )
    Description: 192.168.1.100192.168.137.0255.255.255.0

    Error: (04/12/2015 05:26:52 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:


    Microsoft Office Sessions:
    =========================
    Error: (04/13/2015 07:59:07 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

    Error: (04/13/2015 07:59:06 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description:

    Error: (04/13/2015 07:59:06 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8

    Error: (04/13/2015 07:59:06 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: LsaC:\Windows\System32\Secur32.dll8

    Error: (04/13/2015 07:59:06 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: ESENTC:\WINDOWS\system32\esentprf.dll8

    Error: (04/13/2015 07:59:06 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (04/12/2015 05:28:53 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: HPConnectedRemoteService.exe1.0.1218.05078a573KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9ccf401d07331d5a5fda4c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exeC:\WINDOWS\system32\KERNELBASE.dllb709ac3b-e0fe-11e4-bf35-10604b67584d

    Error: (04/12/2015 05:28:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: HPConnectedRemoteService.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Net.Sockets.SocketException
    Stack:
    at System.Net.Sockets.Socket.EndReceiveFrom(System.IAsyncResult, System.Net.EndPoint ByRef)
    at Mono.Ssdp.MulticastReader.OnAsyncResultReceived(System.IAsyncResult)
    at System.Net.LazyAsyncResult.Complete(IntPtr)
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
    at System.Net.ContextAwareResult.Complete(IntPtr)
    at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
    at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

    Error: (04/12/2015 05:27:12 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

    Error: (04/12/2015 05:27:12 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description:


    CodeIntegrity Errors:
    ===================================
    Date: 2015-04-13 09:35:11.225
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-13 09:35:11.084
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-13 09:35:10.943
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-13 09:35:09.975
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-13 09:35:09.820
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-10 10:36:07.960
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-10 10:36:07.819
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-10 10:36:07.679
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-10 10:36:07.523
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-10 10:36:07.382
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
    Percentage of memory in use: 51%
    Total physical RAM: 6028.85 MB
    Available physical RAM: 2947.05 MB
    Total Pagefile: 6988.85 MB
    Available Pagefile: 3656.84 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:911.28 GB) (Free:849.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:18.42 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 22243B58)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     


  4. 2015/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    We'll run some scans but Yahoo is a legit search engine.
    Can't you change it manually to whatever you want?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. 2015/04/13
    sallnjackn Well-Known Member Thread Starter
    I have changed my home page many times but when I close and open my browser it goes right back to Yahoo.

    RogueKiller V10.5.9.0 [Apr 7 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : JackandSallie [Administrator]
    Started from : C:\Users\JackandSallie\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 04/13/2015 21:34:22

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:16110;https=127.0.0.1:16110 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:16110;https=127.0.0.1:16110 -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://my.earthlink.net/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://my.earthlink.net/ -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUP][FIREFX:Addon] 38ze4dgd.default-1392093811792 : Ant Video Downloader [anttoolbar@ant.com] -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD10EZEX-60ZF5A0 +++++
    --- User ---
    [MBR] c5ab6108932869c87e7ed59e483ada1e
    [BSP] 9afde7076bd843138440192a71537e16 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 3096576 | Size: 933146 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1914179584 | Size: 350 MB
    5 - [SYSTEM] Basic data partition | Offset (sectors): 1914896384 | Size: 18861 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_04132015_211443.log - RKreport_DEL_04132015_211927.log - RKreport_SCN_04132015_212551.log - RKreport_DEL_04132015_213400.log
     
  6. 2015/04/13
    sallnjackn Well-Known Member Thread Starter
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/13/2015
    Scan Time: 9:51:27 PM
    Logfile: malware bytes scan 4 13 2015.txt
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.04.13.09
    Rootkit Database: v2015.03.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: JackandSallie

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 383847
    Time Elapsed: 10 min, 40 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. 2015/04/13
    sallnjackn Well-Known Member Thread Starter
    No restart required on Malware Bytes.

    # AdwCleaner v4.201 - Logfile created 13/04/2015 at 22:39:19
    # Updated 08/04/2015 by Xplode
    # Database : 2015-04-08.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : JackandSallie - JACKPC
    # Running from : C:\Users\JackandSallie\Desktop\adwcleaner_4.201.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\anttoolbar@ant.com
    Folder Deleted : C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\shopcbtoolbar@befrugal.com
    File Deleted : C:\END
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\user.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:16110;hxxps=127.0.0.1:16110
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v37.0.1 (x86 en-US)

    [38ze4dgd.default-1392093811792\prefs.js] - Line Deleted : user_pref( "extensions.astrmndasr.hmpgUrl ", "hxxp://astromenda.com/?f=1&a=ast_coinis_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCtAyByBtDtB0EtB0CyEyCtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzy[...]
    [38ze4dgd.default-1392093811792\prefs.js] - Line Deleted : user_pref( "extensions.astrmndasr.newTabUrl ", "hxxp://astromenda.com/?f=2&a=ast_coinis_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCtAyByBtDtB0EtB0CyEyCtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtB[...]
    [38ze4dgd.default-1392093811792\prefs.js] - Line Deleted : user_pref( "extensions.astrmndasr.prtnrId ", "WSE_Astromenda ");
    [38ze4dgd.default-1392093811792\prefs.js] - Line Deleted : user_pref( "extensions.astrmndasr.srchPrvdr ", "Astromenda ");
    [38ze4dgd.default-1392093811792\prefs.js] - Line Deleted : user_pref( "extensions.astrmndasr.tlbrSrchUrl ", "hxxp://astromenda.com/?f=3&a=ast_coinis_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCtAyByBtDtB0EtB0CyEyCtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyE[...]
    [38ze4dgd.default-1392093811792\prefs.js] - Line Deleted : user_pref( "extensions.toolbar.mindspark.hp.enabled ", false);
    [38ze4dgd.default-1392093811792\prefs.js] - Line Deleted : user_pref( "extensions.toolbar.mindspark.hp.enabled.guid ", " ");
    [38ze4dgd.default-1392093811792\prefs.js] - Line Deleted : user_pref( "extensions.toolbar.mindspark.lastInstalled ", "mapsgalaxy@mindspark.com ");

    *************************

    AdwCleaner[R0].txt - [3237 bytes] - [13/04/2015 22:36:45]
    AdwCleaner[S0].txt - [3050 bytes] - [13/04/2015 22:39:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3109 bytes] ##########
     
  8. 2015/04/13
    sallnjackn Well-Known Member Thread Starter
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.5.4 (04.13.2015:1)
    OS: Windows 8.1 x64
    Ran by JackandSallie on Mon 04/13/2015 at 23:01:04.34
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util enhancetronic



    ~~~ Files

    Successfully deleted: [File] C:\WINDOWS\wininit.ini



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\JackandSallie\AppData\Roaming\mozilla\firefox\profiles\38ze4dgd.default-1392093811792\minidumps [45 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 04/13/2015 at 23:02:48.31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. 2015/04/13
    broni Moderator Malware Analyst
    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  10. 2015/04/13
    sallnjackn Well-Known Member Thread Starter
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
    Ran by JackandSallie (administrator) on JACKPC on 13-04-2015 23:34:37
    Running from C:\Users\JackandSallie\Pictures\Downloads
    Loaded Profiles: JackandSallie (Available profiles: JackandSallie)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Corporation) C:\Program Files (x86)\MSWorks\Calendar\WKCALREM.EXE
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
    (Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [BFHP] => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\Run: [Olympus ib] => C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [93376 2010-02-04] (OLYMPUS IMAGING CORP.)
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\MountPoints2: {d3406ccc-8145-11e4-bf21-10604b67584d} - "J:\LenovoUsbDriver_autorun_1.0.8.exe"
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Net Send GUI.lnk
    ShortcutTarget: Net Send GUI.lnk -> C:\Program Files (x86)\Fomine Net Send GUI\NetSendGUI.exe (FOMINE SOFTWARE)
    Startup: C:\Users\JackandSallie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files (x86)\MSWorks\Calendar\WKCALREM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-3197496165-2814395380-2150283531-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3197496165-2814395380-2150283531-1001] => http=127.0.0.1:16111;https=127.0.0.1:16111
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=befhp&type=iehp-3.18-1504
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://my.earthlink.net/
    SearchScopes: HKLM -> {D187DD83-F917-491F-9FD2-CDED3E4EEEC6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {D187DD83-F917-491F-9FD2-CDED3E4EEEC6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-09] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-09] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-11-16] (Belarc, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1 75.75.76.76 75.75.75.75
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792
    FF NewTab: https://www.yahoo.com/?fr=befhp&type=ffhp-3.18-1504
    FF DefaultSearchEngine: Yahoo Search
    FF DefaultSearchEngine.US: Google
    FF SelectedSearchEngine: Yahoo Search
    FF Homepage: https://www.yahoo.com/?fr=befhp&type=ffhp-3.18-1504
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-09] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll [2015-01-31] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\searchplugins\yahoo-search.xml [2015-04-08]
    FF Extension: WOT - C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-26]
    FF Extension: Antmark extensions - C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\antmark@ant.com.xpi [2014-09-25]
    FF Extension: Adblock Plus - C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-25]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-01-07] (Digital Market Research Apps Pty Ltd) [File not signed]
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-03-19] (WildTangent)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
    S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
    R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-01-07] (Digital Market Research Apps Pty Ltd) [File not signed]
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-23] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-13] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-13 23:02 - 2015-04-13 23:02 - 00000972 _____ () C:\Users\JackandSallie\Desktop\JRT.txt
    2015-04-13 23:01 - 2015-04-13 23:01 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-JACKPC-Windows-8.1-(64-bit).dat
    2015-04-13 23:01 - 2015-04-13 23:01 - 00000000 ____D () C:\RegBackup
    2015-04-13 22:46 - 2015-04-13 22:46 - 02687136 _____ (Thisisu) C:\Users\JackandSallie\Desktop\JRT.exe
    2015-04-13 22:36 - 2015-04-13 22:39 - 00000000 ____D () C:\AdwCleaner
    2015-04-13 22:32 - 2015-04-13 22:32 - 02217984 _____ () C:\Users\JackandSallie\Desktop\adwcleaner_4.201.exe
    2015-04-13 22:24 - 2015-04-13 22:24 - 00001073 _____ () C:\Users\JackandSallie\Documents\malware bytes scan 4 13 2015.txt
    2015-04-13 21:10 - 2015-04-13 21:11 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-04-13 21:10 - 2015-04-13 21:10 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-04-13 21:06 - 2015-04-13 21:06 - 16849496 _____ () C:\Users\JackandSallie\Desktop\RogueKiller.exe
    2015-04-13 14:34 - 2015-04-13 23:34 - 00000000 ____D () C:\FRST
    2015-04-13 14:21 - 2015-04-13 22:59 - 00000000 ____D () C:\Users\JackandSallie\Documents\windows bbs
    2015-04-13 12:32 - 2015-04-13 12:32 - 00010691 _____ () C:\Users\JackandSallie\Documents\hijackthis 04 13 2015.log
    2015-04-13 11:33 - 2015-04-13 11:55 - 00000000 ____D () C:\Users\JackandSallie\Documents\MOLD REMOVER
    2015-04-10 10:36 - 2015-04-10 10:36 - 00001069 _____ () C:\Users\JackandSallie\Documents\malware bytes 4 10 2015.txt
    2015-04-09 20:52 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
    2015-04-09 20:52 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
    2015-04-09 19:02 - 2015-04-09 19:02 - 00022442 _____ () C:\Users\JackandSallie\Documents\HitmanPro_20150409_1901.log
    2015-04-09 19:00 - 2015-04-09 19:00 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
    2015-04-09 18:16 - 2015-04-09 19:00 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-04-09 10:51 - 2015-04-13 21:51 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-04-09 10:51 - 2015-04-09 10:51 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-04-09 10:51 - 2015-04-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-09 10:51 - 2015-04-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-04-09 10:51 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-04-09 10:51 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-04-09 10:51 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-04-09 10:20 - 2015-04-09 10:20 - 00000049 _____ () C:\Users\JackandSallie\Documents\malware bytes 4 9 2015.txt
    2015-04-06 21:13 - 2013-01-31 14:51 - 00000959 _____ () C:\Users\JackandSallie\Desktop\Pretty Good Solitaire 2k - Copy (2).lnk
    2015-04-04 10:00 - 2015-04-04 10:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
    2015-04-04 10:00 - 2015-04-04 10:00 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
    2015-03-23 08:42 - 2015-04-04 21:25 - 00000000 ____D () C:\Users\JackandSallie\Documents\Garage Sale

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-13 23:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-04-13 22:54 - 2013-10-23 01:02 - 01327894 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-04-13 22:48 - 2013-02-08 08:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-04-13 22:45 - 2013-10-23 09:32 - 00000000 ___DO () C:\Users\JackandSallie\SkyDrive
    2015-04-13 22:45 - 2013-09-29 23:04 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-04-13 22:40 - 2013-08-22 09:46 - 00319582 _____ () C:\WINDOWS\setupact.log
    2015-04-13 22:40 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-04-13 22:40 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-04-13 22:40 - 2013-02-07 10:00 - 00000501 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2015-04-13 21:29 - 2013-01-31 14:15 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F841D55A-3055-40AA-A7EC-4D2B76B9ECC3}
    2015-04-13 07:59 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-04-11 10:08 - 2013-12-17 11:14 - 00003208 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJackandSallie
    2015-04-11 10:08 - 2013-12-17 11:14 - 00000378 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJackandSallie.job
    2015-04-11 07:21 - 2013-01-31 14:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3197496165-2814395380-2150283531-1001
    2015-04-09 20:55 - 2013-09-29 22:55 - 00039926 _____ () C:\WINDOWS\PFRO.log
    2015-04-09 20:53 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-04-09 20:19 - 2015-01-23 23:33 - 00000000 ____D () C:\Users\JackandSallie\Documents\Nibbler 2015
    2015-04-09 10:34 - 2013-01-31 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-07 10:08 - 2013-02-01 18:37 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2015-04-05 09:32 - 2014-07-22 22:04 - 00000000 ___HD () C:\Program Files (x86)\Mozilla Firefox
    2015-04-01 20:40 - 2013-09-21 09:54 - 03225618 _____ () C:\Users\JackandSallie\Downloads\6122479814_092113.zip
    2015-04-01 18:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2015-04-01 09:43 - 2014-07-30 20:56 - 00000000 ____D () C:\Users\JackandSallie\Downloads\Tara
    2015-03-31 10:16 - 2013-10-23 00:52 - 00000000 ____D () C:\Users\JackandSallie
    2015-03-23 15:39 - 2014-01-15 21:41 - 00000000 ____D () C:\Users\JackandSallie\Documents\usaa
    2015-03-19 19:08 - 2013-01-24 15:29 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
    2015-03-17 12:59 - 2013-11-13 20:47 - 00000000 ____D () C:\Users\JackandSallie\AppData\Local\Windows Live
    2015-03-14 21:31 - 2014-03-30 16:25 - 00000000 ____D () C:\Users\JackandSallie\Documents\Nibbler 2014

    ==================== Files in the root of some directories =======

    2014-08-24 10:20 - 2014-09-25 09:20 - 0000085 _____ () C:\Users\JackandSallie\AppData\Roaming\WB.CFG
    2013-02-08 20:11 - 2013-03-09 12:43 - 0007619 _____ () C:\Users\JackandSallie\AppData\Local\Resmon.ResmonCfg
    2014-05-03 18:46 - 2014-05-03 18:51 - 0000367 _____ () C:\ProgramData\hpzinstall.log
    2013-01-31 14:14 - 2013-01-31 14:14 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some content of TEMP:
    ====================
    C:\Users\JackandSallie\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\JackandSallie\AppData\Local\Temp\Quarantine.exe
    C:\Users\JackandSallie\AppData\Local\Temp\sp64126.exe
    C:\Users\JackandSallie\AppData\Local\Temp\sqlite3.dll
    C:\Users\JackandSallie\AppData\Local\Temp\UninstallHPSA.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-09 23:16

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
    Ran by JackandSallie at 2015-04-13 23:35:11
    Running from C:\Users\JackandSallie\Pictures\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AtomTime Pro 3.1d (HKLM-x32\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
    e-Rewards Notify (HKLM-x32\...\{5FC24EB6-6FF2-4073-A108-4D0A4229330C}) (Version: 1.1.0.254 - e-Rewards Opinion Panel)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fomine Net Send GUI (HKLM-x32\...\{1D762243-7FA0-4152-B3B5-A5541C3F0C9E}) (Version: 2.7.0.0 - Fomine Software)
    Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\HPConnectedMusic) (Version: 1.1 (build 37) hp - Meridian Audio Ltd)
    HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works Calendar 1.0 (HKLM-x32\...\Works Calendar) (Version: - )
    Microsoft Works Setup Launcher (HKLM-x32\...\Works99Setup) (Version: - )
    Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    OLYMPUS ib (HKLM-x32\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.1.1404 - OLYMPUS IMAGING CORP.)
    OLYMPUS ib (x32 Version: 1.1.1404 - OLYMPUS IMAGING CORP.) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Pretty Good Solitaire 2k (HKLM-x32\...\Pretty Good Solitaire 2k) (Version: - )
    PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
    Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    22-03-2015 11:49:58 Scheduled Checkpoint
    01-04-2015 16:49:21 Scheduled Checkpoint
    09-04-2015 11:24:35 Scheduled Checkpoint
    09-04-2015 18:58:53 Checkpoint by HitmanPro
    09-04-2015 19:00:31 Checkpoint by HitmanPro

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {10DA01D6-9B14-4239-B940-8E49575AF43F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {14D57A22-7FCA-4A78-B3F3-3143C2745C5C} - System32\Tasks\{B5A0D148-DF54-4463-A479-7112420FFD3F} => pcalua.exe -a "C:\Program Files (x86)\Phantom EFX\ReelDealLive\BattleSlots\battleslots.exe" -d "C:\Program Files (x86)\Phantom EFX\ReelDealLive\BattleSlots\ "
    Task: {26E20067-F198-44B8-8637-6F98BDA2859D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
    Task: {2973988C-0E7C-453F-87F0-B8EA0CBFF698} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
    Task: {47CE39E4-E556-494C-881E-78AD638F9D74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {50EC5B0E-6BBA-43B2-AEEA-F7EBFA7DADC5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {57E50CA5-2FC1-4BA7-9AC0-86C21D4B2EA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
    Task: {645AF2E2-928B-4BA6-8B9E-7AEBDC87BC44} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {677962AF-9DCC-40E9-86CD-FAF28F940032} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {7A7F436A-171C-4738-8711-26356604C1A5} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {868AE0DA-F0D3-4B8C-9D8E-7CF8D3643547} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {92473092-0212-4C55-9A68-36F3A7E7554C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {9F2B14B8-7812-4234-8324-5BF80D39148F} - System32\Tasks\HPCeeScheduleForJackandSallie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {B1489CF4-07EC-41A8-B0AA-9708392A1078} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {B87D9DB9-87C9-4F4A-AC4A-7AEF3EB5D09A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13] (Adobe Systems Incorporated)
    Task: {BAA45A32-838B-4E31-807F-A22492F0FA83} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {F91931EE-F323-4FF6-8930-50DC29619874} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
    Task: {FCB1D55B-6AD1-4331-9A70-095B07669320} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForJackandSallie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00094208 _____ () C:\Program Files (x86)\MR APP\MRAPP.Common.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00013824 _____ () C:\Program Files (x86)\MR APP\MRAPP.Scheduler.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00272384 _____ () C:\Program Files (x86)\MR APP\C5.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00080896 _____ () C:\Program Files (x86)\MR APP\MRAPP.UI.Resources.R23.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\JackandSallie\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\JackandSallie\Documents\Personal (Web).url:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JackandSallie\Downloads\scan0181.jpg
    DNS Servers: 75.75.76.76 - 75.75.75.75

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "LAN Chat.lnk "
    HKLM\...\StartupApproved\Run: => "iTunesHelper "
    HKLM\...\StartupApproved\Run32: => "Adobe ARM "
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched "
    HKLM\...\StartupApproved\Run32: => "APSDaemon "
    HKLM\...\StartupApproved\Run32: => "BFHP "

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3197496165-2814395380-2150283531-500 - Administrator - Disabled)
    Guest (S-1-5-21-3197496165-2814395380-2150283531-501 - Limited - Disabled)
    JackandSallie (S-1-5-21-3197496165-2814395380-2150283531-1001 - Administrator - Enabled) => C:\Users\JackandSallie

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
    Percentage of memory in use: 27%
    Total physical RAM: 6028.85 MB
    Available physical RAM: 4341.56 MB
    Total Pagefile: 6988.85 MB
    Available Pagefile: 5147.67 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:911.28 GB) (Free:849.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:18.42 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 22243B58)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  11. 2015/04/13
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Have you heard of PDFForge toolbar? I saw that as one of the toolbars causing problems on a web site you had me run a scan on. It may have been RogueKiller. It had a check mark for Yahoo tool bar and I have had trouble with my Word files saving in a PDF format and then not opening. Just a possibility. I saved the picture but I don't seem to be able to copy and paste a picture into an email or here either. When I copy an image and try to paste it I get the address where it is stored instead of the picture. Sallie
     
    Last edited: 2015/04/14
  12. 2015/04/14
    broni

    broni Moderator Malware Analyst

    Yes. PDFForge is an unwanted app.
    More info: http://malwaretips.com/blogs/pdfforge-toolbar-removal/
    I don't see it installed or running though.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

    Attached Files:

  13. 2015/04/14
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    I performed the task incorrectly.
     
    Last edited: 2015/04/14
  14. 2015/04/14
    broni

    broni Moderator Malware Analyst

    That's incorrect.
    You just posted the content of the "fixlist.txt" file (twice).

    Re-read my instructions and redo.
     
  15. 2015/04/14
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\MountPoints2: {d3406ccc-8145-11e4-bf21-10604b67584d} - "J:\LenovoUsbDriver_autorun_1.0.8.exe"
    ProxyEnable: [S-1-5-21-3197496165-2814395380-2150283531-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3197496165-2814395380-2150283531-1001] => http=127.0.0.1:16111;https=127.0.0.1:16111
    RemoveProxy:
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=befhp&type=iehp-3.18-1504
    SearchScopes: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    Toolbar: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF NewTab: https://www.yahoo.com/?fr=befhp&type=ffhp-3.18-1504
    FF DefaultSearchEngine: Yahoo Search
    FF SelectedSearchEngine: Yahoo Search
    FF Homepage: https://www.yahoo.com/?fr=befhp&type=ffhp-3.18-1504
    FF SearchPlugin: C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\searchplugins\yahoo-search.xml [2015-04-08]
    C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\searchplugins\yahoo-search.xml
    2014-08-24 10:20 - 2014-09-25 09:20 - 0000085 _____ () C:\Users\JackandSallie\AppData\Roaming\WB.CFG
    2013-02-08 20:11 - 2013-03-09 12:43 - 0007619 _____ () C:\Users\JackandSallie\AppData\Local\Resmon.ResmonCfg
    2014-05-03 18:46 - 2014-05-03 18:51 - 0000367 _____ () C:\ProgramData\hpzinstall.log
    2013-01-31 14:14 - 2013-01-31 14:14 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    C:\Users\JackandSallie\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\JackandSallie\AppData\Local\Temp\Quarantine.exe
    C:\Users\JackandSallie\AppData\Local\Temp\sp64126.exe
    C:\Users\JackandSallie\AppData\Local\Temp\sqlite3.dll
    C:\Users\JackandSallie\AppData\Local\Temp\UninstallHPSA.exe
    AlternateDataStreams: C:\Users\JackandSallie\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\JackandSallie\Documents\Personal (Web).url:ms-properties

     
  16. 2015/04/14
    broni

    broni Moderator Malware Analyst

    No.
    Re-read my instructions CAREFULLY.
     
  17. 2015/04/14
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    I double clicked the First64.exe file and selected scan. I get a log but no opportunity to do a fix.
     
  18. 2015/04/14
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
    Ran by JackandSallie (administrator) on JACKPC on 14-04-2015 19:25:45
    Running from C:\Users\JackandSallie\Desktop\winbbs tools
    Loaded Profiles: JackandSallie (Available profiles: JackandSallie)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\ib\olycamdetect.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (FOMINE SOFTWARE) C:\Program Files (x86)\Fomine Net Send GUI\NetSendGUI.exe
    (Microsoft Corporation) C:\Program Files (x86)\MSWorks\Calendar\WKCALREM.EXE
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files (x86)\MSWorks\Calendar\MSWKSCAL.EXE
    (Goodsol Development Inc.) C:\Program Files (x86)\goodsol2k\goodsol2k.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [BFHP] => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\Run: [Olympus ib] => C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [93376 2010-02-04] (OLYMPUS IMAGING CORP.)
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\MountPoints2: {d3406ccc-8145-11e4-bf21-10604b67584d} - "J:\LenovoUsbDriver_autorun_1.0.8.exe"
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Net Send GUI.lnk
    ShortcutTarget: Net Send GUI.lnk -> C:\Program Files (x86)\Fomine Net Send GUI\NetSendGUI.exe (FOMINE SOFTWARE)
    Startup: C:\Users\JackandSallie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files (x86)\MSWorks\Calendar\WKCALREM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-3197496165-2814395380-2150283531-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3197496165-2814395380-2150283531-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=befhp&type=iehp-3.18-1504
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://my.earthlink.net/
    SearchScopes: HKLM -> {D187DD83-F917-491F-9FD2-CDED3E4EEEC6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {D187DD83-F917-491F-9FD2-CDED3E4EEEC6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-09] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-09] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-11-16] (Belarc, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1 75.75.76.76 75.75.75.75
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792
    FF NewTab: https://www.yahoo.com/?fr=befhp&type=ffhp-3.18-1504
    FF DefaultSearchEngine: Yahoo Search
    FF DefaultSearchEngine.US: Google
    FF SelectedSearchEngine: Yahoo Search
    FF Homepage: https://www.yahoo.com/?fr=befhp&type=ffhp-3.18-1504
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-09] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll [2015-01-31] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\searchplugins\yahoo-search.xml [2015-04-08]
    FF Extension: WOT - C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-26]
    FF Extension: Adblock Plus - C:\Users\JackandSallie\AppData\Roaming\Mozilla\Firefox\Profiles\38ze4dgd.default-1392093811792\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-25]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-01-07] (Digital Market Research Apps Pty Ltd) [File not signed]
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-03-19] (WildTangent)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
    S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
    R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-01-07] (Digital Market Research Apps Pty Ltd) [File not signed]
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-23] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-13] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-14 19:13 - 2015-04-14 19:25 - 00000000 ____D () C:\Users\JackandSallie\Desktop\winbbs tools
    2015-04-13 23:02 - 2015-04-13 23:02 - 00000972 _____ () C:\Users\JackandSallie\Desktop\JRT.txt
    2015-04-13 23:01 - 2015-04-13 23:01 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-JACKPC-Windows-8.1-(64-bit).dat
    2015-04-13 23:01 - 2015-04-13 23:01 - 00000000 ____D () C:\RegBackup
    2015-04-13 22:46 - 2015-04-13 22:46 - 02687136 _____ (Thisisu) C:\Users\JackandSallie\Desktop\JRT.exe
    2015-04-13 22:36 - 2015-04-13 22:39 - 00000000 ____D () C:\AdwCleaner
    2015-04-13 22:32 - 2015-04-13 22:32 - 02217984 _____ () C:\Users\JackandSallie\Desktop\adwcleaner_4.201.exe
    2015-04-13 22:24 - 2015-04-13 22:24 - 00001073 _____ () C:\Users\JackandSallie\Documents\malware bytes scan 4 13 2015.txt
    2015-04-13 21:10 - 2015-04-13 21:11 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-04-13 21:10 - 2015-04-13 21:10 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-04-13 21:06 - 2015-04-13 21:06 - 16849496 _____ () C:\Users\JackandSallie\Desktop\RogueKiller.exe
    2015-04-13 14:34 - 2015-04-14 19:25 - 00000000 ____D () C:\FRST
    2015-04-13 14:21 - 2015-04-13 23:46 - 00000000 ____D () C:\Users\JackandSallie\Documents\windows bbs
    2015-04-13 12:32 - 2015-04-13 12:32 - 00010691 _____ () C:\Users\JackandSallie\Documents\hijackthis 04 13 2015.log
    2015-04-13 11:33 - 2015-04-13 11:55 - 00000000 ____D () C:\Users\JackandSallie\Documents\MOLD REMOVER
    2015-04-10 10:36 - 2015-04-10 10:36 - 00001069 _____ () C:\Users\JackandSallie\Documents\malware bytes 4 10 2015.txt
    2015-04-09 20:52 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
    2015-04-09 20:52 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
    2015-04-09 19:02 - 2015-04-09 19:02 - 00022442 _____ () C:\Users\JackandSallie\Documents\HitmanPro_20150409_1901.log
    2015-04-09 19:00 - 2015-04-09 19:00 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
    2015-04-09 18:16 - 2015-04-09 19:00 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-04-09 10:51 - 2015-04-13 21:51 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-04-09 10:51 - 2015-04-09 10:51 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-04-09 10:51 - 2015-04-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-09 10:51 - 2015-04-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-04-09 10:51 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-04-09 10:51 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-04-09 10:51 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-04-09 10:20 - 2015-04-09 10:20 - 00000049 _____ () C:\Users\JackandSallie\Documents\malware bytes 4 9 2015.txt
    2015-04-06 21:13 - 2013-01-31 14:51 - 00000959 _____ () C:\Users\JackandSallie\Desktop\Pretty Good Solitaire 2k - Copy (2).lnk
    2015-04-04 10:00 - 2015-04-04 10:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
    2015-04-04 10:00 - 2015-04-04 10:00 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
    2015-03-23 08:42 - 2015-04-04 21:25 - 00000000 ____D () C:\Users\JackandSallie\Documents\Garage Sale

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-14 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-04-14 18:48 - 2013-02-08 08:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-04-14 18:23 - 2013-10-23 01:02 - 01475635 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-04-14 13:44 - 2013-01-31 14:15 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F841D55A-3055-40AA-A7EC-4D2B76B9ECC3}
    2015-04-14 11:48 - 2013-02-08 08:34 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-04-14 11:16 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-04-14 10:36 - 2013-12-17 11:14 - 00003208 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJackandSallie
    2015-04-14 10:36 - 2013-12-17 11:14 - 00000378 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJackandSallie.job
    2015-04-14 10:36 - 2013-02-01 18:37 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2015-04-14 07:21 - 2013-10-23 09:32 - 00000000 ___DO () C:\Users\JackandSallie\SkyDrive
    2015-04-14 07:21 - 2013-02-07 10:00 - 00000501 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2015-04-13 22:45 - 2013-09-29 23:04 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-04-13 22:40 - 2013-08-22 09:46 - 00319582 _____ () C:\WINDOWS\setupact.log
    2015-04-13 22:40 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-04-13 22:40 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-04-13 07:59 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-04-11 07:21 - 2013-01-31 14:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3197496165-2814395380-2150283531-1001
    2015-04-09 20:55 - 2013-09-29 22:55 - 00039926 _____ () C:\WINDOWS\PFRO.log
    2015-04-09 20:19 - 2015-01-23 23:33 - 00000000 ____D () C:\Users\JackandSallie\Documents\Nibbler 2015
    2015-04-09 10:34 - 2013-01-31 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-05 09:32 - 2014-07-22 22:04 - 00000000 ___HD () C:\Program Files (x86)\Mozilla Firefox
    2015-04-01 20:40 - 2013-09-21 09:54 - 03225618 _____ () C:\Users\JackandSallie\Downloads\6122479814_092113.zip
    2015-04-01 18:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2015-04-01 09:43 - 2014-07-30 20:56 - 00000000 ____D () C:\Users\JackandSallie\Downloads\Tara
    2015-03-31 10:16 - 2013-10-23 00:52 - 00000000 ____D () C:\Users\JackandSallie
    2015-03-23 15:39 - 2014-01-15 21:41 - 00000000 ____D () C:\Users\JackandSallie\Documents\usaa
    2015-03-19 19:08 - 2013-01-24 15:29 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
    2015-03-17 12:59 - 2013-11-13 20:47 - 00000000 ____D () C:\Users\JackandSallie\AppData\Local\Windows Live

    ==================== Files in the root of some directories =======

    2014-08-24 10:20 - 2014-09-25 09:20 - 0000085 _____ () C:\Users\JackandSallie\AppData\Roaming\WB.CFG
    2013-02-08 20:11 - 2013-03-09 12:43 - 0007619 _____ () C:\Users\JackandSallie\AppData\Local\Resmon.ResmonCfg
    2014-05-03 18:46 - 2014-05-03 18:51 - 0000367 _____ () C:\ProgramData\hpzinstall.log
    2013-01-31 14:14 - 2013-01-31 14:14 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some content of TEMP:
    ====================
    C:\Users\JackandSallie\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\JackandSallie\AppData\Local\Temp\Quarantine.exe
    C:\Users\JackandSallie\AppData\Local\Temp\sp64126.exe
    C:\Users\JackandSallie\AppData\Local\Temp\sqlite3.dll
    C:\Users\JackandSallie\AppData\Local\Temp\UninstallHPSA.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-14 07:32

    ==================== End Of Log ============================

    Do you want the addition text?
     
  19. 2015/04/14
    broni

    broni Moderator Malware Analyst

    You're not reading my reply carefully.
    You don't click "Scan". You click the "Fix" button.
     
  20. 2015/04/14
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
    Ran by JackandSallie at 2015-04-14 19:26:03
    Running from C:\Users\JackandSallie\Desktop\winbbs tools
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AtomTime Pro 3.1d (HKLM-x32\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
    e-Rewards Notify (HKLM-x32\...\{5FC24EB6-6FF2-4073-A108-4D0A4229330C}) (Version: 1.1.0.254 - e-Rewards Opinion Panel)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fomine Net Send GUI (HKLM-x32\...\{1D762243-7FA0-4152-B3B5-A5541C3F0C9E}) (Version: 2.7.0.0 - Fomine Software)
    Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\HPConnectedMusic) (Version: 1.1 (build 37) hp - Meridian Audio Ltd)
    HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works Calendar 1.0 (HKLM-x32\...\Works Calendar) (Version: - )
    Microsoft Works Setup Launcher (HKLM-x32\...\Works99Setup) (Version: - )
    Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    OLYMPUS ib (HKLM-x32\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.1.1404 - OLYMPUS IMAGING CORP.)
    OLYMPUS ib (x32 Version: 1.1.1404 - OLYMPUS IMAGING CORP.) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Pretty Good Solitaire 2k (HKLM-x32\...\Pretty Good Solitaire 2k) (Version: - )
    PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
    Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3197496165-2814395380-2150283531-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JackandSallie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    22-03-2015 11:49:58 Scheduled Checkpoint
    01-04-2015 16:49:21 Scheduled Checkpoint
    09-04-2015 11:24:35 Scheduled Checkpoint
    09-04-2015 18:58:53 Checkpoint by HitmanPro
    09-04-2015 19:00:31 Checkpoint by HitmanPro
    14-04-2015 11:15:36 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {10DA01D6-9B14-4239-B940-8E49575AF43F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {14D57A22-7FCA-4A78-B3F3-3143C2745C5C} - System32\Tasks\{B5A0D148-DF54-4463-A479-7112420FFD3F} => pcalua.exe -a "C:\Program Files (x86)\Phantom EFX\ReelDealLive\BattleSlots\battleslots.exe" -d "C:\Program Files (x86)\Phantom EFX\ReelDealLive\BattleSlots\ "
    Task: {2973988C-0E7C-453F-87F0-B8EA0CBFF698} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
    Task: {47CE39E4-E556-494C-881E-78AD638F9D74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {50EC5B0E-6BBA-43B2-AEEA-F7EBFA7DADC5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {51FBDF8E-8729-4FB8-ADAF-00C3D9B1C2FA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
    Task: {57E50CA5-2FC1-4BA7-9AC0-86C21D4B2EA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
    Task: {645AF2E2-928B-4BA6-8B9E-7AEBDC87BC44} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {677962AF-9DCC-40E9-86CD-FAF28F940032} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6BCC60A6-2F1B-4ADE-9C53-22B111EED925} - System32\Tasks\HPCeeScheduleForJackandSallie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {7A7F436A-171C-4738-8711-26356604C1A5} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {868AE0DA-F0D3-4B8C-9D8E-7CF8D3643547} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {92473092-0212-4C55-9A68-36F3A7E7554C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {B1489CF4-07EC-41A8-B0AA-9708392A1078} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {B87D9DB9-87C9-4F4A-AC4A-7AEF3EB5D09A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
    Task: {BAA45A32-838B-4E31-807F-A22492F0FA83} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {F91931EE-F323-4FF6-8930-50DC29619874} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
    Task: {FCB1D55B-6AD1-4331-9A70-095B07669320} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForJackandSallie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00094208 _____ () C:\Program Files (x86)\MR APP\MRAPP.Common.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00013824 _____ () C:\Program Files (x86)\MR APP\MRAPP.Scheduler.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00272384 _____ () C:\Program Files (x86)\MR APP\C5.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
    2015-01-07 12:25 - 2015-01-07 12:25 - 00080896 _____ () C:\Program Files (x86)\MR APP\MRAPP.UI.Resources.R23.dll
    2008-02-25 15:09 - 2008-02-25 15:09 - 00200704 _____ () C:\Program Files (x86)\Fomine Net Send GUI\imclient.dll
    2013-01-24 15:29 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2013-01-31 14:51 - 1996-06-07 01:06 - 00189952 _____ () C:\WINDOWS\qcard32.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\JackandSallie\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\JackandSallie\Documents\Personal (Web).url:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3197496165-2814395380-2150283531-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JackandSallie\Downloads\scan0181.jpg
    DNS Servers: 75.75.76.76 - 75.75.75.75

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "LAN Chat.lnk "
    HKLM\...\StartupApproved\Run: => "iTunesHelper "
    HKLM\...\StartupApproved\Run32: => "Adobe ARM "
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched "
    HKLM\...\StartupApproved\Run32: => "APSDaemon "
    HKLM\...\StartupApproved\Run32: => "BFHP "

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3197496165-2814395380-2150283531-500 - Administrator - Disabled)
    Guest (S-1-5-21-3197496165-2814395380-2150283531-501 - Limited - Disabled)
    JackandSallie (S-1-5-21-3197496165-2814395380-2150283531-1001 - Administrator - Enabled) => C:\Users\JackandSallie

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/14/2015 07:21:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

    Error: (04/14/2015 07:21:46 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description:

    Error: (04/14/2015 07:21:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8

    Error: (04/14/2015 07:21:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: LsaC:\Windows\System32\Secur32.dll8

    Error: (04/14/2015 07:21:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: ESENTC:\WINDOWS\system32\esentprf.dll8

    Error: (04/14/2015 07:21:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8


    System errors:
    =============
    Error: (04/14/2015 07:21:32 AM) (Source: ipnathlp) (EventID: 30013) (User: )
    Description: 192.168.1.100192.168.137.0255.255.255.0

    Error: (04/14/2015 00:14:40 AM) (Source: DCOM) (EventID: 10010) (User: JACKPC)
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


    Microsoft Office Sessions:
    =========================
    Error: (04/14/2015 07:21:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

    Error: (04/14/2015 07:21:46 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description:

    Error: (04/14/2015 07:21:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8

    Error: (04/14/2015 07:21:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: LsaC:\Windows\System32\Secur32.dll8

    Error: (04/14/2015 07:21:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: ESENTC:\WINDOWS\system32\esentprf.dll8

    Error: (04/14/2015 07:21:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8


    CodeIntegrity Errors:
    ===================================
    Date: 2015-04-14 07:56:20.046
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-14 07:56:19.936
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-14 07:56:19.811
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-14 07:56:19.686
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-14 07:56:19.561
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-14 07:56:19.436
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-14 07:56:19.311
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-14 07:56:19.186
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-14 07:56:19.061
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-14 07:56:18.936
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
    Percentage of memory in use: 38%
    Total physical RAM: 6028.85 MB
    Available physical RAM: 3708.27 MB
    Total Pagefile: 6988.85 MB
    Available Pagefile: 4090.66 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:911.28 GB) (Free:848.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:18.42 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 22243B58)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  21. 2015/04/14
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    I will click fix.
     
