The only thing i can think of trying is reinstall Adobe Flash Player. To do this is IE go to add/remove programs in control panel & uninstall all copies of adobe flash player then go to http://get.adobe.com/flashplayer/ & install the newest version of flash player. In Google Chrome flash player is built into the web browser & is automatically updated through the browser so the only way to reinstall flash in chrome is to reinstall the web browser. You can try reinstalling google chrome without uninstalling your current copy. I've never tried this with chrome but the installer should automatically remove the current copy with the new copy.
-
Please click the link below for your operating system to download the TSG SysInfo Utility. Click on "Save File" then double-click the file to run it. Copy and paste the report in your initial post. Windows 7 and later (downloads a file named tsginfo.exe) | Windows XP (downloads a file named SysInfo.exe)
- Status
1 - 20 of 23 Posts
2
Hi Phil, mpeet611 asked if I could take a look at your problem. Please run the following scans and post the logs requested.
SCAN 1
Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.
NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
Close your browser and double click on this icon on your desktop:
You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.
NOTE: If for any reason the report does not appear, open Windows Explorer and click on the C: drive in the left pane, in the right pane you should find a new folder called Adwcleaner, double click on it and you will see the saved logs. Find the log that has a number in brackets starting with an S NOT R, similar to this: Adwcleaner[S1], double click on the one with the highest number and the log will open, Copy & Paste it into your reply.
SCAN 2
Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download and use any other software that may be advertised on the page.
Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
SCAN 1
Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.
NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
Close your browser and double click on this icon on your desktop:
You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.
NOTE: If for any reason the report does not appear, open Windows Explorer and click on the C: drive in the left pane, in the right pane you should find a new folder called Adwcleaner, double click on it and you will see the saved logs. Find the log that has a number in brackets starting with an S NOT R, similar to this: Adwcleaner[S1], double click on the one with the highest number and the log will open, Copy & Paste it into your reply.
SCAN 2
Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download and use any other software that may be advertised on the page.
Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Double-click on FRST to run it. When the tool opens click Yes to the disclaimer.
- Press the Scan button. DO NOT check any of the Optional Scan options unless requested.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
- The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.
Here are the scans as required
Phil T
# AdwCleaner v4.101 - Report created 19/11/2014 at 08:56:44
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phil - PHIL-HP
# Running from : C:\Users\Phil\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files (x86)\speed browser
Folder Deleted : C:\Users\Phil\AppData\Local\Weather_Protector_LLC
Folder Deleted : C:\Users\Phil\AppData\Local\speed browser
Folder Deleted : C:\Users\Phil\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Phil\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
File Deleted : C:\Users\Phil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : LaunchSignup
Task Deleted : Optimizer Pro Schedule
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{a8177b71-ee19-4e0f-b2f9-02d533eb946D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D8AED7D5-E5D6-4B0D-8142-333726A75BCA}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\PerformerSoft
Key Deleted : HKCU\Software\UnknownFile
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\PerformerSoft
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnknownFile
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\findwide.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\imesh.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.findwide.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.imesh.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.com
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v37.0.2062.120
*************************
AdwCleaner[R0].txt - [28082 octets] - [23/10/2014 08:33:17]
AdwCleaner[R1].txt - [5174 octets] - [19/11/2014 08:52:05]
AdwCleaner[S0].txt - [25587 octets] - [23/10/2014 08:36:34]
AdwCleaner[S1].txt - [4393 octets] - [19/11/2014 08:56:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4453 octets] ##########
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Phil at 2014-11-19 09:05:06
Running from C:\Users\Phil\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
2600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
2600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Aerial Mahjong (HKLM-x32\...\BFG-Aerial Mahjong) (Version: - )
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daily Mah Jong (HKLM-x32\...\BFG-Daily Mah Jong) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.04.022 - Portrait Displays, Inc.)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Canvas (HKLM-x32\...\{27710506-32B1-49B3-B95B-B7C65FA6FA15}) (Version: 5.1.4267.27011 - Hewlett-Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Touch Browser (HKLM-x32\...\{4E575BFF-51A0-474E-A3BA-C0FCF82E6A78}) (Version: 5.1.4227.17815 - Hewlett-Packard)
HP TouchSmart Ben10 Comic Book Reader (HKLM-x32\...\{9EFD323B-6ADB-4B3A-9253-EA1A75E00F25}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{F12C6162-10D4-444A-9182-05CC3DB2456E}) (Version: 1.0.4098.28440 - Hewlett-Packard)
HP TouchSmart Get Updated! (HKLM-x32\...\{2B720998-2E26-4DD6-8AC8-A1FCA4B58384}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Paint Blast (HKLM-x32\...\{FBB0C095-4FF0-4AF6-8CD5-A80A390FB101}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 4.0.0.4 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1514E}) (Version: 3.0.4276.30236 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.4214 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ 8.2 (build 7137) (HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\ICQ) (Version: 8.2.7137.0 - ICQ)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjong Escape Ancient China (HKLM-x32\...\BFG-Mahjong Escape Ancient China) (Version: - )
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.3.1000 - Maxthon International Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.1.25 - Hewlett-Packard)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1514D}) (Version: - )
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo!7 Messenger (HKLM-x32\...\Yahoo!7 Messenger) (Version: - Yahoo! Inc.)
Yahoo!7 Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-11-2014 00:02:40 Revo Uninstaller's restore point - Adobe AIR
14-11-2014 00:05:05 Revo Uninstaller's restore point - Adobe Flash Player 15 ActiveX
14-11-2014 00:06:57 Revo Uninstaller's restore point - Adobe Flash Player 15 Plugin
14-11-2014 00:08:14 Revo Uninstaller's restore point - Adobe Shockwave Player 12.1
14-11-2014 13:22:55 Revo Uninstaller's restore point - WinZip Driver Updater
14-11-2014 13:25:10 Revo Uninstaller's restore point - iMesh Packages
15-11-2014 02:04:07 Revo Uninstaller's restore point - Findwide Toolbar
15-11-2014 02:38:11 Revo Uninstaller's restore point - PC Performer
15-11-2014 02:40:53 Revo Uninstaller's restore point - Power2Go
15-11-2014 02:41:31 Configured Power2Go
15-11-2014 02:47:54 Revo Uninstaller's restore point - SettingsGuard
15-11-2014 02:51:08 Revo Uninstaller's restore point - WinZip Driver Updater
18-11-2014 12:19:31 Revo Uninstaller's restore point - speed browser
18-11-2014 12:33:59 Revo Uninstaller's restore point - Kobo
18-11-2014 12:36:38 Revo Uninstaller's restore point - Video Performer
18-11-2014 23:14:22 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0F9453D3-3FBC-4CF2-AF9C-C28183B66C0E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2011-05-31] (CyberLink)
Task: {13DECB0A-CBFB-4C0F-81F4-5888984334B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {383867AD-C910-4B6C-98FB-6AB413E74D5E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-15] (Adobe Systems Incorporated)
Task: {6E93793D-22E5-4490-868B-325F300D7287} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7531CFBE-5924-4C81-9847-BFA854E8FD83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7D19F01B-CC2D-42AC-A8E8-417869446766} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {7D867FB4-65AC-4A76-A988-F6AF5AA9F31B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {81B441A8-22DB-46C3-AA94-2E0BAFB621DA} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-11-06] (Maxthon International ltd.)
Task: {9922220F-CD7E-4513-B3AD-C675A925454A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AE44722D-5689-4AEB-8454-6753A4238B00} - System32\Tasks\HPCeeScheduleForPHIL-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B0E51BCD-FF2D-46EF-A879-293C750A802F} - System32\Tasks\PC Performer Scheduled Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {C195EDC8-A3D9-425D-A5A7-8E2588CD9122} - System32\Tasks\HPCeeScheduleForPhil => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E63E33C3-A1AF-4700-B6BC-4933BFB2A169} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {EE835894-4A09-4957-8306-0747D73E462D} - System32\Tasks\PC Performer Logon Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\44f212f3-448b-4b3f-99c1-81bcad79927e.job => C:\Program Files (x86)\HD-Quality-v3V09.10\44f212f3-448b-4b3f-99c1-81bcad79927e.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ebc69e93-e8aa-4939-97d7-d4352799c479-5_user.job => C:\Program Files (x86)\HD-Quality-v3V09.10\ebc69e93-e8aa-4939-97d7-d4352799c479-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPHIL-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPhil.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2014-09-20 16:24 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-06-30 15:14 - 2011-06-30 15:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-15 05:20 - 2011-03-15 05:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-09-19 21:52 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-09-19 21:52 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2014-09-20 08:37 - 2014-09-20 08:37 - 00859144 _____ () C:\Users\Phil\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2011-09-13 09:35 - 2011-02-16 02:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:27FC7C9E
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:3DEB2C16
AlternateDataStreams: C:\ProgramData\Temp:4C1D9362
AlternateDataStreams: C:\ProgramData\Temp:72E6616C
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3569768352-949659789-3627985013-500 - Administrator - Disabled)
Guest (S-1-5-21-3569768352-949659789-3627985013-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3569768352-949659789-3627985013-1002 - Limited - Enabled)
Phil (S-1-5-21-3569768352-949659789-3627985013-1000 - Administrator - Enabled) => C:\Users\Phil
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/17/2014 07:09:32 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/16/2014 08:48:48 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/16/2014 08:43:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x65657274
Faulting process id: 0xb34
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Error: (11/15/2014 11:27:26 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 11:18:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OSDManager.exe, version: 1.0.0.1, time stamp: 0x4dfb8a67
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x000539f5
Faulting process id: 0x13fc
Faulting application start time: 0xOSDManager.exe0
Faulting application path: OSDManager.exe1
Faulting module path: OSDManager.exe2
Report Id: OSDManager.exe3
Error: (11/15/2014 11:09:02 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 11:04:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x65657274
Faulting process id: 0x8f4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Error: (11/15/2014 10:59:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OSDManager.exe, version: 1.0.0.1, time stamp: 0x4dfb8a67
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x000539f5
Faulting process id: 0xeb8
Faulting application start time: 0xOSDManager.exe0
Faulting application path: OSDManager.exe1
Faulting module path: OSDManager.exe2
Report Id: OSDManager.exe3
Error: (11/15/2014 08:31:36 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 08:22:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OSDManager.exe, version: 1.0.0.1, time stamp: 0x4dfb8a67
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x000539f5
Faulting process id: 0x129c
Faulting application start time: 0xOSDManager.exe0
Faulting application path: OSDManager.exe1
Faulting module path: OSDManager.exe2
Report Id: OSDManager.exe3
System errors:
=============
Error: (11/19/2014 08:57:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069
Error: (11/19/2014 08:57:36 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (11/19/2014 08:57:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069
Error: (11/19/2014 08:57:36 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CalendarSynchService service terminated unexpectedly. It has done this 1 time(s).
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office Sessions:
=========================
Error: (11/17/2014 07:09:32 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/16/2014 08:48:48 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/16/2014 08:43:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.1205407bf0eunknown0.0.0.000000000c000000565657274b3401d0013632f4ef19C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown84e2c54f-6d29-11e4-a0ad-3860775df82f
Error: (11/15/2014 11:27:26 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 11:18:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OSDManager.exe1.0.0.14dfb8a67MFC80.DLL8.0.50727.61954dcdeca2c0000005000539f513fc01d00082c41977d6C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exeC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL10019f09-6c76-11e4-95de-3860775df82f
Error: (11/15/2014 11:09:02 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 11:04:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.1205407bf0eunknown0.0.0.000000000c0000005656572748f401d000807c2c3295C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown1e83c6a7-6c74-11e4-90b9-3860775df82f
Error: (11/15/2014 10:59:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OSDManager.exe1.0.0.14dfb8a67MFC80.DLL8.0.50727.61954dcdeca2c0000005000539f5eb801d00080216f0654C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exeC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL6b28d3aa-6c73-11e4-90b9-3860775df82f
Error: (11/15/2014 08:31:36 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 08:22:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OSDManager.exe1.0.0.14dfb8a67MFC80.DLL8.0.50727.61954dcdeca2c0000005000539f5129c01d0006a22b01b70C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exeC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL6f84c8fa-6c5d-11e4-a1b1-3860775df82f
CodeIntegrity Errors:
===================================
Date: 2014-11-18 14:00:06.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-18 14:00:06.889
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-18 14:00:06.887
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-18 14:00:06.866
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-18 14:00:06.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-18 14:00:06.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-17 09:52:36.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-17 09:52:36.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-17 09:52:36.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-17 09:52:36.727
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Phil (administrator) on PHIL-HP on 19-11-2014 09:03:45
Running from C:\Users\Phil\Downloads
Loaded Profile: Phil (Available profiles: Phil)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Interesting Solutions) C:\ProgramData\JdsPdTQL\AZSVqPoewi.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(ICQ) C:\Users\Phil\AppData\Roaming\ICQM\icq.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-18] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [mbot_au_54] => [X]
HKLM-x32\...\Run: [mbot_au_52] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-07] (SUPERAntiSpyware)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [iMesh] => "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [icq] => C:\Users\Phil\AppData\Roaming\ICQM\icq.exe [35224128 2014-09-20] (ICQ)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3569768352-949659789-3627985013-1000] => http=127.0.0.1:33976
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.freshy.com/general/newhometab.php?hometab=home&partner=10815&guid={ABB849B7-4ACC-4FA1-A251-34D5CB2F89FD}&i=
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A769B6DAAE6CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL =
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> {26810A5F-1041-4808-8BAC-8B4940F7ED5C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10815
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> No Name - {96B19418-0628-48F3-8784-1BF5FF11B309} - No File
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3569768352-949659789-3627985013-1000: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.au.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.au.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google
ageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-19]
CHR Extension: (Google Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-19]
CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Kaspersky Protection) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-10-09]
CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-19]
CHR Extension: (Google Search) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-19]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-10-09]
CHR Extension: (Google Sheets) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-19]
CHR Extension: (Flipora: Mood-aware Website Recommendations) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnmfopkdlikmjcekmiclchejcpkapeji [2014-09-24]
CHR Extension: (Safe Money) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-10-11]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-10-11]
CHR Extension: (Virtual Keyboard) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-10-11]
CHR Extension: (TelevisionFanatic) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhllgfblonmjgobikneaoamdhneaecac [2014-10-18]
CHR Extension: (Google Wallet) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-19]
CHR Extension: (MapsGalaxy) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-10-05]
CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-19]
CHR Extension: (Anti-Banner) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-09]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-06-06]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-15] (Kaspersky Lab ZAO)
R2 AZSVqPoewi; C:\ProgramData\JdsPdTQL\AZSVqPoewi.exe [2726256 2014-11-08] (Interesting Solutions)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-18] (Portrait Displays, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-10-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-10-09] (Kaspersky Lab ZAO)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-24] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-24] (n/a)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-12] ()
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-19 09:03 - 2014-11-19 09:04 - 00024818 _____ () C:\Users\Phil\Downloads\FRST.txt
2014-11-19 09:03 - 2014-11-19 09:03 - 00000000 ____D () C:\FRST
2014-11-19 09:02 - 2014-11-19 09:03 - 02117120 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2014-11-19 08:50 - 2014-11-19 08:51 - 02140160 _____ () C:\Users\Phil\Downloads\AdwCleaner.exe
2014-11-15 12:06 - 2014-11-15 12:06 - 00000000 __SHD () C:\Users\Phil\AppData\Local\EmieBrowserModeList
2014-11-15 11:14 - 2014-11-19 08:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 11:14 - 2014-11-15 12:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-15 11:14 - 2014-11-15 12:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-15 11:14 - 2014-11-15 12:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-15 09:55 - 2014-11-15 09:55 - 00003436 _____ () C:\Windows\System32\Tasks\PC Performer Scheduled Scan
2014-11-15 09:55 - 2014-11-15 09:55 - 00003248 _____ () C:\Windows\System32\Tasks\PC Performer Logon Scan
2014-11-15 09:55 - 2014-11-15 09:55 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\UnknownFile
2014-11-15 09:55 - 2014-09-12 09:23 - 03421696 _____ (Performersoft, LLC.) C:\Windows\performersoftsetup.dll
2014-11-14 21:31 - 2014-09-19 00:20 - 00012723 _____ () C:\Users\Phil\Documents\DriverRestore-License.txt
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Help
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 08:13 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 08:13 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 08:13 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 08:13 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 08:13 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:13 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:13 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 08:13 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 08:13 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 08:13 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 08:13 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:13 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 08:13 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 08:13 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 08:13 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 08:13 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 08:13 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 08:12 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 08:12 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 08:12 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 08:12 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 08:12 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 08:12 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 08:12 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 08:12 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 07:53 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 07:53 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 07:53 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 07:53 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 07:53 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 07:53 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 07:53 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 07:53 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 07:53 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 07:48 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 07:48 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 07:48 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 07:48 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 07:48 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 07:48 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 07:48 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 07:48 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 07:48 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 07:48 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 07:47 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 07:47 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 07:35 - 2014-11-13 07:36 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Maxthon3
2014-11-13 07:35 - 2014-11-13 07:35 - 00003578 _____ () C:\Windows\System32\Tasks\Maxthon Update
2014-11-13 07:35 - 2014-11-13 07:35 - 00001083 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\Program Files (x86)\Maxthon
2014-11-12 12:06 - 2014-11-12 12:06 - 00001963 _____ () C:\Users\Public\Desktop\Play Aerial Mahjong.lnk
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerial Mahjong
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\Program Files (x86)\Aerial Mahjong
2014-11-11 21:01 - 2014-11-11 21:01 - 00000000 ____D () C:\InstaShare
2014-11-11 09:42 - 2014-11-11 09:42 - 00258661 _____ () C:\Users\Phil\Documents\Clyde1.htm
2014-11-11 09:42 - 2014-11-11 09:42 - 00000000 ____D () C:\Users\Phil\Documents\Clyde1_files
2014-11-08 20:01 - 2014-11-19 09:02 - 00000000 ____D () C:\Users\Phil\AppData\Local\InstaShare
2014-11-08 20:00 - 2014-11-08 20:00 - 00000000 ____D () C:\ProgramData\JdsPdTQL
2014-11-08 19:59 - 2014-11-08 19:59 - 00000000 ____D () C:\Users\Phil\AppData\Local\TNT2
2014-11-08 19:59 - 2014-11-08 19:59 - 00000000 ____D () C:\Program Files (x86)\TNT2
2014-11-06 14:25 - 2014-11-06 14:25 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-06 14:24 - 2014-11-06 14:25 - 00003201 _____ () C:\Users\Phil\Desktop\Sophos Virus Removal Tool.lnk
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-11-03 07:22 - 2014-11-18 07:44 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForPhil.job
2014-11-03 07:22 - 2014-11-17 07:04 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPhil
2014-10-25 09:29 - 2014-10-25 09:29 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-23 08:41 - 2014-10-23 08:41 - 00025587 _____ () C:\Users\Phil\Documents\AdwCleaner[S0].txt
2014-10-23 08:33 - 2014-11-19 08:56 - 00000000 ____D () C:\AdwCleaner
2014-10-23 08:00 - 2014-10-23 08:00 - 00000000 ____D () C:\ProgramData\812E
2014-10-22 10:05 - 2014-11-12 12:06 - 00001258 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-10-22 10:05 - 2014-10-22 10:05 - 00002117 _____ () C:\Users\Public\Desktop\Play Mahjong Escape Ancient China.lnk
2014-10-22 10:05 - 2014-10-22 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mahjong Escape Ancient China
2014-10-22 10:05 - 2014-10-22 10:05 - 00000000 ____D () C:\Program Files (x86)\Mahjong Escape Ancient China
2014-10-22 08:16 - 2014-10-22 08:16 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-20 22:37 - 2014-10-20 22:37 - 00139488 _____ () C:\Windows\SysWOW64\XMLOperations.xml
2014-10-20 10:35 - 2014-11-18 20:43 - 00002166 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-20 06:33 - 2014-10-20 06:33 - 00000000 ____D () C:\ProgramData\2B37F
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-19 09:02 - 2014-09-19 20:34 - 01590392 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 08:59 - 2014-09-20 08:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-19 08:58 - 2014-10-09 14:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-19 08:58 - 2014-09-19 20:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 08:58 - 2011-09-13 09:39 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-19 08:58 - 2010-11-21 11:47 - 01581360 _____ () C:\Windows\PFRO.log
2014-11-19 08:58 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 08:58 - 2009-07-14 12:51 - 00044989 _____ () C:\Windows\setupact.log
2014-11-19 08:44 - 2011-09-13 09:20 - 00000000 ____D () C:\ProgramData\Temp
2014-11-19 08:14 - 2014-09-19 20:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 08:08 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Skype
2014-11-19 07:14 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 07:14 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 20:36 - 2011-09-13 09:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-11-18 20:22 - 2014-09-19 20:43 - 00001845 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-18 13:24 - 2014-09-19 20:43 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0CF25CEB-2826-48CC-85E5-500F3D6BCD1E}
2014-11-17 20:39 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-17 14:50 - 2013-11-20 11:15 - 00000000 ____D () C:\Users\Phil\Documents\OTHERS
2014-11-16 08:43 - 2014-09-20 21:05 - 00000000 ____D () C:\Users\Phil\AppData\Local\CrashDumps
2014-11-15 22:48 - 2014-09-28 09:00 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\SoftGrid Client
2014-11-15 16:21 - 2014-09-20 16:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-15 16:20 - 2014-10-11 16:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-15 12:13 - 2013-12-01 10:38 - 00000000 ____D () C:\Users\Phil\Documents\Bethanie
2014-11-15 12:09 - 2014-09-25 10:46 - 00000000 ____D () C:\Users\Phil\AppData\Local\Adobe
2014-11-15 11:16 - 2009-07-14 13:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 10:45 - 2011-09-13 09:28 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-11-15 10:45 - 2011-09-13 09:27 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-15 10:45 - 2011-09-13 09:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-15 09:55 - 2009-07-14 10:34 - 00000501 _____ () C:\Windows\win.ini
2014-11-14 12:39 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 07:55 - 2009-07-14 12:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 23:17 - 2014-09-20 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 23:12 - 2014-09-20 10:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 23:09 - 2014-09-19 20:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 23:09 - 2014-09-19 20:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 23:38 - 2014-10-12 09:11 - 00000000 ____D () C:\BigFishCache
2014-11-10 19:35 - 2014-10-15 08:38 - 06160384 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤
2014-11-08 19:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Resources
2014-11-08 09:42 - 2014-09-19 21:09 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Games
2014-11-06 12:02 - 2014-10-11 13:14 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-11-04 21:34 - 2014-09-19 21:34 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPHIL-HP$
2014-11-04 21:34 - 2014-09-19 21:34 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForPHIL-HP$.job
2014-11-04 14:30 - 2010-11-21 11:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 00:16 - 2014-10-09 14:18 - 00002332 _____ () C:\Users\Phil\Desktop\Safe Money.lnk
2014-11-01 20:59 - 2014-10-09 14:18 - 00001126 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-10-31 10:54 - 2014-04-25 10:23 - 00000000 ____D () C:\Users\Phil\Documents\Social Club
2014-10-30 07:16 - 2014-10-15 16:25 - 00000000 ____D () C:\Users\Phil\AppData\Local\ApplicationDatabaseTrash
2014-10-28 14:04 - 2014-09-19 20:36 - 00000000 ____D () C:\Users\Phil
2014-10-28 12:05 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-27 21:13 - 2014-09-20 16:30 - 00000000 ____D () C:\Users\Phil\Documents\My Received Files
2014-10-25 09:29 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Local\Skype
2014-10-25 09:29 - 2014-09-20 10:38 - 00000000 ____D () C:\ProgramData\Skype
2014-10-23 07:48 - 2014-09-19 20:37 - 00000000 ____D () C:\Users\Phil\AppData\Local\TouchSmartData
2014-10-23 07:47 - 2014-10-15 16:25 - 00000000 ____D () C:\Windows\SysWOW64\DatabaseMotionWin32
2014-10-22 10:05 - 2014-09-26 20:14 - 00000000 ____D () C:\Users\Phil\AppData\Local\JollyBear
2014-10-22 10:05 - 2014-09-26 20:14 - 00000000 ____D () C:\ProgramData\JollyBear
2014-10-21 10:59 - 2014-10-14 21:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-21 10:59 - 2014-10-14 21:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-21 10:59 - 2014-10-10 07:53 - 00001318 _____ () C:\Windows\wininit.ini
Some content of TEMP:
====================
C:\Users\Phil\AppData\Local\Temp\-cktc5x4.dll
C:\Users\Phil\AppData\Local\Temp\228488-676829-adobe-flash-player.exe
C:\Users\Phil\AppData\Local\Temp\certutil.exe
C:\Users\Phil\AppData\Local\Temp\CloudBackup937.exe
C:\Users\Phil\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Phil\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Phil\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Phil\AppData\Local\Temp\msvcr71.dll
C:\Users\Phil\AppData\Local\Temp\nspr4.dll
C:\Users\Phil\AppData\Local\Temp\nss3.dll
C:\Users\Phil\AppData\Local\Temp\optprosetup.exe
C:\Users\Phil\AppData\Local\Temp\plc4.dll
C:\Users\Phil\AppData\Local\Temp\plds4.dll
C:\Users\Phil\AppData\Local\Temp\Quarantine.exe
C:\Users\Phil\AppData\Local\Temp\SHelp2.exe
C:\Users\Phil\AppData\Local\Temp\smime3.dll
C:\Users\Phil\AppData\Local\Temp\softokn3.dll
C:\Users\Phil\AppData\Local\Temp\sqlite3.dll
C:\Users\Phil\AppData\Local\Temp\thcumjhk.dll
C:\Users\Phil\AppData\Local\Temp\w0xqvjwv.dll
C:\Users\Phil\AppData\Local\Temp\we5jtynu.dll
C:\Users\Phil\AppData\Local\Temp\zz7ts6bs.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 12:31
==================== End Of Log ============================
Phil T
# AdwCleaner v4.101 - Report created 19/11/2014 at 08:56:44
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phil - PHIL-HP
# Running from : C:\Users\Phil\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files (x86)\speed browser
Folder Deleted : C:\Users\Phil\AppData\Local\Weather_Protector_LLC
Folder Deleted : C:\Users\Phil\AppData\Local\speed browser
Folder Deleted : C:\Users\Phil\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Phil\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
File Deleted : C:\Users\Phil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : LaunchSignup
Task Deleted : Optimizer Pro Schedule
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{a8177b71-ee19-4e0f-b2f9-02d533eb946D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D8AED7D5-E5D6-4B0D-8142-333726A75BCA}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\PerformerSoft
Key Deleted : HKCU\Software\UnknownFile
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\PerformerSoft
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnknownFile
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\findwide.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\imesh.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.findwide.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.imesh.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.com
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v37.0.2062.120
*************************
AdwCleaner[R0].txt - [28082 octets] - [23/10/2014 08:33:17]
AdwCleaner[R1].txt - [5174 octets] - [19/11/2014 08:52:05]
AdwCleaner[S0].txt - [25587 octets] - [23/10/2014 08:36:34]
AdwCleaner[S1].txt - [4393 octets] - [19/11/2014 08:56:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4453 octets] ##########
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Phil at 2014-11-19 09:05:06
Running from C:\Users\Phil\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
2600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
2600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Aerial Mahjong (HKLM-x32\...\BFG-Aerial Mahjong) (Version: - )
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daily Mah Jong (HKLM-x32\...\BFG-Daily Mah Jong) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.04.022 - Portrait Displays, Inc.)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Canvas (HKLM-x32\...\{27710506-32B1-49B3-B95B-B7C65FA6FA15}) (Version: 5.1.4267.27011 - Hewlett-Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Touch Browser (HKLM-x32\...\{4E575BFF-51A0-474E-A3BA-C0FCF82E6A78}) (Version: 5.1.4227.17815 - Hewlett-Packard)
HP TouchSmart Ben10 Comic Book Reader (HKLM-x32\...\{9EFD323B-6ADB-4B3A-9253-EA1A75E00F25}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{F12C6162-10D4-444A-9182-05CC3DB2456E}) (Version: 1.0.4098.28440 - Hewlett-Packard)
HP TouchSmart Get Updated! (HKLM-x32\...\{2B720998-2E26-4DD6-8AC8-A1FCA4B58384}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Paint Blast (HKLM-x32\...\{FBB0C095-4FF0-4AF6-8CD5-A80A390FB101}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 4.0.0.4 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1514E}) (Version: 3.0.4276.30236 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.4214 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ 8.2 (build 7137) (HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\ICQ) (Version: 8.2.7137.0 - ICQ)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjong Escape Ancient China (HKLM-x32\...\BFG-Mahjong Escape Ancient China) (Version: - )
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.3.1000 - Maxthon International Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.1.25 - Hewlett-Packard)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1514D}) (Version: - )
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo!7 Messenger (HKLM-x32\...\Yahoo!7 Messenger) (Version: - Yahoo! Inc.)
Yahoo!7 Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-11-2014 00:02:40 Revo Uninstaller's restore point - Adobe AIR
14-11-2014 00:05:05 Revo Uninstaller's restore point - Adobe Flash Player 15 ActiveX
14-11-2014 00:06:57 Revo Uninstaller's restore point - Adobe Flash Player 15 Plugin
14-11-2014 00:08:14 Revo Uninstaller's restore point - Adobe Shockwave Player 12.1
14-11-2014 13:22:55 Revo Uninstaller's restore point - WinZip Driver Updater
14-11-2014 13:25:10 Revo Uninstaller's restore point - iMesh Packages
15-11-2014 02:04:07 Revo Uninstaller's restore point - Findwide Toolbar
15-11-2014 02:38:11 Revo Uninstaller's restore point - PC Performer
15-11-2014 02:40:53 Revo Uninstaller's restore point - Power2Go
15-11-2014 02:41:31 Configured Power2Go
15-11-2014 02:47:54 Revo Uninstaller's restore point - SettingsGuard
15-11-2014 02:51:08 Revo Uninstaller's restore point - WinZip Driver Updater
18-11-2014 12:19:31 Revo Uninstaller's restore point - speed browser
18-11-2014 12:33:59 Revo Uninstaller's restore point - Kobo
18-11-2014 12:36:38 Revo Uninstaller's restore point - Video Performer
18-11-2014 23:14:22 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0F9453D3-3FBC-4CF2-AF9C-C28183B66C0E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2011-05-31] (CyberLink)
Task: {13DECB0A-CBFB-4C0F-81F4-5888984334B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {383867AD-C910-4B6C-98FB-6AB413E74D5E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-15] (Adobe Systems Incorporated)
Task: {6E93793D-22E5-4490-868B-325F300D7287} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7531CFBE-5924-4C81-9847-BFA854E8FD83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7D19F01B-CC2D-42AC-A8E8-417869446766} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {7D867FB4-65AC-4A76-A988-F6AF5AA9F31B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {81B441A8-22DB-46C3-AA94-2E0BAFB621DA} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-11-06] (Maxthon International ltd.)
Task: {9922220F-CD7E-4513-B3AD-C675A925454A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AE44722D-5689-4AEB-8454-6753A4238B00} - System32\Tasks\HPCeeScheduleForPHIL-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B0E51BCD-FF2D-46EF-A879-293C750A802F} - System32\Tasks\PC Performer Scheduled Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {C195EDC8-A3D9-425D-A5A7-8E2588CD9122} - System32\Tasks\HPCeeScheduleForPhil => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E63E33C3-A1AF-4700-B6BC-4933BFB2A169} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {EE835894-4A09-4957-8306-0747D73E462D} - System32\Tasks\PC Performer Logon Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\44f212f3-448b-4b3f-99c1-81bcad79927e.job => C:\Program Files (x86)\HD-Quality-v3V09.10\44f212f3-448b-4b3f-99c1-81bcad79927e.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ebc69e93-e8aa-4939-97d7-d4352799c479-5_user.job => C:\Program Files (x86)\HD-Quality-v3V09.10\ebc69e93-e8aa-4939-97d7-d4352799c479-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPHIL-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPhil.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2014-09-20 16:24 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-06-30 15:14 - 2011-06-30 15:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-15 05:20 - 2011-03-15 05:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-09-19 21:52 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-09-19 21:52 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2014-09-20 08:37 - 2014-09-20 08:37 - 00859144 _____ () C:\Users\Phil\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2011-09-13 09:35 - 2011-02-16 02:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-19 20:59 - 2014-09-04 11:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:27FC7C9E
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:3DEB2C16
AlternateDataStreams: C:\ProgramData\Temp:4C1D9362
AlternateDataStreams: C:\ProgramData\Temp:72E6616C
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3569768352-949659789-3627985013-500 - Administrator - Disabled)
Guest (S-1-5-21-3569768352-949659789-3627985013-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3569768352-949659789-3627985013-1002 - Limited - Enabled)
Phil (S-1-5-21-3569768352-949659789-3627985013-1000 - Administrator - Enabled) => C:\Users\Phil
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/17/2014 07:09:32 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/16/2014 08:48:48 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/16/2014 08:43:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x65657274
Faulting process id: 0xb34
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Error: (11/15/2014 11:27:26 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 11:18:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OSDManager.exe, version: 1.0.0.1, time stamp: 0x4dfb8a67
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x000539f5
Faulting process id: 0x13fc
Faulting application start time: 0xOSDManager.exe0
Faulting application path: OSDManager.exe1
Faulting module path: OSDManager.exe2
Report Id: OSDManager.exe3
Error: (11/15/2014 11:09:02 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 11:04:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x65657274
Faulting process id: 0x8f4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Error: (11/15/2014 10:59:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OSDManager.exe, version: 1.0.0.1, time stamp: 0x4dfb8a67
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x000539f5
Faulting process id: 0xeb8
Faulting application start time: 0xOSDManager.exe0
Faulting application path: OSDManager.exe1
Faulting module path: OSDManager.exe2
Report Id: OSDManager.exe3
Error: (11/15/2014 08:31:36 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 08:22:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OSDManager.exe, version: 1.0.0.1, time stamp: 0x4dfb8a67
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x000539f5
Faulting process id: 0x129c
Faulting application start time: 0xOSDManager.exe0
Faulting application path: OSDManager.exe1
Faulting module path: OSDManager.exe2
Report Id: OSDManager.exe3
System errors:
=============
Error: (11/19/2014 08:57:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069
Error: (11/19/2014 08:57:36 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (11/19/2014 08:57:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069
Error: (11/19/2014 08:57:36 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CalendarSynchService service terminated unexpectedly. It has done this 1 time(s).
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
Error: (11/19/2014 08:57:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office Sessions:
=========================
Error: (11/17/2014 07:09:32 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/16/2014 08:48:48 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/16/2014 08:43:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.1205407bf0eunknown0.0.0.000000000c000000565657274b3401d0013632f4ef19C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown84e2c54f-6d29-11e4-a0ad-3860775df82f
Error: (11/15/2014 11:27:26 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 11:18:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OSDManager.exe1.0.0.14dfb8a67MFC80.DLL8.0.50727.61954dcdeca2c0000005000539f513fc01d00082c41977d6C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exeC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL10019f09-6c76-11e4-95de-3860775df82f
Error: (11/15/2014 11:09:02 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 11:04:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.1205407bf0eunknown0.0.0.000000000c0000005656572748f401d000807c2c3295C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown1e83c6a7-6c74-11e4-90b9-3860775df82f
Error: (11/15/2014 10:59:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OSDManager.exe1.0.0.14dfb8a67MFC80.DLL8.0.50727.61954dcdeca2c0000005000539f5eb801d00080216f0654C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exeC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL6b28d3aa-6c73-11e4-90b9-3860775df82f
Error: (11/15/2014 08:31:36 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).
Error: (11/15/2014 08:22:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OSDManager.exe1.0.0.14dfb8a67MFC80.DLL8.0.50727.61954dcdeca2c0000005000539f5129c01d0006a22b01b70C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exeC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL6f84c8fa-6c5d-11e4-a1b1-3860775df82f
CodeIntegrity Errors:
===================================
Date: 2014-11-18 14:00:06.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-18 14:00:06.889
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-18 14:00:06.887
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-18 14:00:06.866
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-18 14:00:06.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-18 14:00:06.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-17 09:52:36.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-17 09:52:36.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-17 09:52:36.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-17 09:52:36.727
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Phil (administrator) on PHIL-HP on 19-11-2014 09:03:45
Running from C:\Users\Phil\Downloads
Loaded Profile: Phil (Available profiles: Phil)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Interesting Solutions) C:\ProgramData\JdsPdTQL\AZSVqPoewi.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(ICQ) C:\Users\Phil\AppData\Roaming\ICQM\icq.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-18] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [mbot_au_54] => [X]
HKLM-x32\...\Run: [mbot_au_52] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-07] (SUPERAntiSpyware)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [iMesh] => "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [icq] => C:\Users\Phil\AppData\Roaming\ICQM\icq.exe [35224128 2014-09-20] (ICQ)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3569768352-949659789-3627985013-1000] => http=127.0.0.1:33976
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.freshy.com/general/newhometab.php?hometab=home&partner=10815&guid={ABB849B7-4ACC-4FA1-A251-34D5CB2F89FD}&i=
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A769B6DAAE6CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL =
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> {26810A5F-1041-4808-8BAC-8B4940F7ED5C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10815
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> No Name - {96B19418-0628-48F3-8784-1BF5FF11B309} - No File
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3569768352-949659789-3627985013-1000: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.au.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.au.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google
ageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-19]
CHR Extension: (Google Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-19]
CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Kaspersky Protection) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-10-09]
CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-19]
CHR Extension: (Google Search) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-19]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-10-09]
CHR Extension: (Google Sheets) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-19]
CHR Extension: (Flipora: Mood-aware Website Recommendations) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnmfopkdlikmjcekmiclchejcpkapeji [2014-09-24]
CHR Extension: (Safe Money) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-10-11]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-10-11]
CHR Extension: (Virtual Keyboard) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-10-11]
CHR Extension: (TelevisionFanatic) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhllgfblonmjgobikneaoamdhneaecac [2014-10-18]
CHR Extension: (Google Wallet) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-19]
CHR Extension: (MapsGalaxy) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-10-05]
CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-19]
CHR Extension: (Anti-Banner) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-09]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-06-06]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-15] (Kaspersky Lab ZAO)
R2 AZSVqPoewi; C:\ProgramData\JdsPdTQL\AZSVqPoewi.exe [2726256 2014-11-08] (Interesting Solutions)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-18] (Portrait Displays, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-10-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-10-09] (Kaspersky Lab ZAO)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-24] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-24] (n/a)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-12] ()
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-19 09:03 - 2014-11-19 09:04 - 00024818 _____ () C:\Users\Phil\Downloads\FRST.txt
2014-11-19 09:03 - 2014-11-19 09:03 - 00000000 ____D () C:\FRST
2014-11-19 09:02 - 2014-11-19 09:03 - 02117120 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2014-11-19 08:50 - 2014-11-19 08:51 - 02140160 _____ () C:\Users\Phil\Downloads\AdwCleaner.exe
2014-11-15 12:06 - 2014-11-15 12:06 - 00000000 __SHD () C:\Users\Phil\AppData\Local\EmieBrowserModeList
2014-11-15 11:14 - 2014-11-19 08:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 11:14 - 2014-11-15 12:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-15 11:14 - 2014-11-15 12:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-15 11:14 - 2014-11-15 12:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-15 09:55 - 2014-11-15 09:55 - 00003436 _____ () C:\Windows\System32\Tasks\PC Performer Scheduled Scan
2014-11-15 09:55 - 2014-11-15 09:55 - 00003248 _____ () C:\Windows\System32\Tasks\PC Performer Logon Scan
2014-11-15 09:55 - 2014-11-15 09:55 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\UnknownFile
2014-11-15 09:55 - 2014-09-12 09:23 - 03421696 _____ (Performersoft, LLC.) C:\Windows\performersoftsetup.dll
2014-11-14 21:31 - 2014-09-19 00:20 - 00012723 _____ () C:\Users\Phil\Documents\DriverRestore-License.txt
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Help
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 08:13 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 08:13 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 08:13 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 08:13 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 08:13 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:13 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:13 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 08:13 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 08:13 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 08:13 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 08:13 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:13 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 08:13 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 08:13 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 08:13 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 08:13 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 08:13 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 08:12 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 08:12 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 08:12 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 08:12 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 08:12 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 08:12 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 08:12 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 08:12 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 07:53 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 07:53 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 07:53 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 07:53 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 07:53 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 07:53 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 07:53 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 07:53 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 07:53 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 07:48 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 07:48 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 07:48 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 07:48 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 07:48 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 07:48 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 07:48 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 07:48 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 07:48 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 07:48 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 07:47 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 07:47 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 07:35 - 2014-11-13 07:36 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Maxthon3
2014-11-13 07:35 - 2014-11-13 07:35 - 00003578 _____ () C:\Windows\System32\Tasks\Maxthon Update
2014-11-13 07:35 - 2014-11-13 07:35 - 00001083 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\Program Files (x86)\Maxthon
2014-11-12 12:06 - 2014-11-12 12:06 - 00001963 _____ () C:\Users\Public\Desktop\Play Aerial Mahjong.lnk
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerial Mahjong
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\Program Files (x86)\Aerial Mahjong
2014-11-11 21:01 - 2014-11-11 21:01 - 00000000 ____D () C:\InstaShare
2014-11-11 09:42 - 2014-11-11 09:42 - 00258661 _____ () C:\Users\Phil\Documents\Clyde1.htm
2014-11-11 09:42 - 2014-11-11 09:42 - 00000000 ____D () C:\Users\Phil\Documents\Clyde1_files
2014-11-08 20:01 - 2014-11-19 09:02 - 00000000 ____D () C:\Users\Phil\AppData\Local\InstaShare
2014-11-08 20:00 - 2014-11-08 20:00 - 00000000 ____D () C:\ProgramData\JdsPdTQL
2014-11-08 19:59 - 2014-11-08 19:59 - 00000000 ____D () C:\Users\Phil\AppData\Local\TNT2
2014-11-08 19:59 - 2014-11-08 19:59 - 00000000 ____D () C:\Program Files (x86)\TNT2
2014-11-06 14:25 - 2014-11-06 14:25 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-06 14:24 - 2014-11-06 14:25 - 00003201 _____ () C:\Users\Phil\Desktop\Sophos Virus Removal Tool.lnk
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-11-03 07:22 - 2014-11-18 07:44 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForPhil.job
2014-11-03 07:22 - 2014-11-17 07:04 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPhil
2014-10-25 09:29 - 2014-10-25 09:29 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-23 08:41 - 2014-10-23 08:41 - 00025587 _____ () C:\Users\Phil\Documents\AdwCleaner[S0].txt
2014-10-23 08:33 - 2014-11-19 08:56 - 00000000 ____D () C:\AdwCleaner
2014-10-23 08:00 - 2014-10-23 08:00 - 00000000 ____D () C:\ProgramData\812E
2014-10-22 10:05 - 2014-11-12 12:06 - 00001258 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-10-22 10:05 - 2014-10-22 10:05 - 00002117 _____ () C:\Users\Public\Desktop\Play Mahjong Escape Ancient China.lnk
2014-10-22 10:05 - 2014-10-22 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mahjong Escape Ancient China
2014-10-22 10:05 - 2014-10-22 10:05 - 00000000 ____D () C:\Program Files (x86)\Mahjong Escape Ancient China
2014-10-22 08:16 - 2014-10-22 08:16 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-20 22:37 - 2014-10-20 22:37 - 00139488 _____ () C:\Windows\SysWOW64\XMLOperations.xml
2014-10-20 10:35 - 2014-11-18 20:43 - 00002166 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-20 06:33 - 2014-10-20 06:33 - 00000000 ____D () C:\ProgramData\2B37F
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-19 09:02 - 2014-09-19 20:34 - 01590392 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 08:59 - 2014-09-20 08:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-19 08:58 - 2014-10-09 14:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-19 08:58 - 2014-09-19 20:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 08:58 - 2011-09-13 09:39 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-19 08:58 - 2010-11-21 11:47 - 01581360 _____ () C:\Windows\PFRO.log
2014-11-19 08:58 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 08:58 - 2009-07-14 12:51 - 00044989 _____ () C:\Windows\setupact.log
2014-11-19 08:44 - 2011-09-13 09:20 - 00000000 ____D () C:\ProgramData\Temp
2014-11-19 08:14 - 2014-09-19 20:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 08:08 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Skype
2014-11-19 07:14 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 07:14 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 20:36 - 2011-09-13 09:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-11-18 20:22 - 2014-09-19 20:43 - 00001845 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-18 13:24 - 2014-09-19 20:43 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0CF25CEB-2826-48CC-85E5-500F3D6BCD1E}
2014-11-17 20:39 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-17 14:50 - 2013-11-20 11:15 - 00000000 ____D () C:\Users\Phil\Documents\OTHERS
2014-11-16 08:43 - 2014-09-20 21:05 - 00000000 ____D () C:\Users\Phil\AppData\Local\CrashDumps
2014-11-15 22:48 - 2014-09-28 09:00 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\SoftGrid Client
2014-11-15 16:21 - 2014-09-20 16:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-15 16:20 - 2014-10-11 16:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-15 12:13 - 2013-12-01 10:38 - 00000000 ____D () C:\Users\Phil\Documents\Bethanie
2014-11-15 12:09 - 2014-09-25 10:46 - 00000000 ____D () C:\Users\Phil\AppData\Local\Adobe
2014-11-15 11:16 - 2009-07-14 13:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 10:45 - 2011-09-13 09:28 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-11-15 10:45 - 2011-09-13 09:27 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-15 10:45 - 2011-09-13 09:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-15 09:55 - 2009-07-14 10:34 - 00000501 _____ () C:\Windows\win.ini
2014-11-14 12:39 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 07:55 - 2009-07-14 12:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 23:17 - 2014-09-20 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 23:12 - 2014-09-20 10:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 23:09 - 2014-09-19 20:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 23:09 - 2014-09-19 20:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 23:38 - 2014-10-12 09:11 - 00000000 ____D () C:\BigFishCache
2014-11-10 19:35 - 2014-10-15 08:38 - 06160384 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤
2014-11-08 19:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Resources
2014-11-08 09:42 - 2014-09-19 21:09 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Games
2014-11-06 12:02 - 2014-10-11 13:14 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-11-04 21:34 - 2014-09-19 21:34 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPHIL-HP$
2014-11-04 21:34 - 2014-09-19 21:34 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForPHIL-HP$.job
2014-11-04 14:30 - 2010-11-21 11:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 00:16 - 2014-10-09 14:18 - 00002332 _____ () C:\Users\Phil\Desktop\Safe Money.lnk
2014-11-01 20:59 - 2014-10-09 14:18 - 00001126 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-10-31 10:54 - 2014-04-25 10:23 - 00000000 ____D () C:\Users\Phil\Documents\Social Club
2014-10-30 07:16 - 2014-10-15 16:25 - 00000000 ____D () C:\Users\Phil\AppData\Local\ApplicationDatabaseTrash
2014-10-28 14:04 - 2014-09-19 20:36 - 00000000 ____D () C:\Users\Phil
2014-10-28 12:05 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-27 21:13 - 2014-09-20 16:30 - 00000000 ____D () C:\Users\Phil\Documents\My Received Files
2014-10-25 09:29 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Local\Skype
2014-10-25 09:29 - 2014-09-20 10:38 - 00000000 ____D () C:\ProgramData\Skype
2014-10-23 07:48 - 2014-09-19 20:37 - 00000000 ____D () C:\Users\Phil\AppData\Local\TouchSmartData
2014-10-23 07:47 - 2014-10-15 16:25 - 00000000 ____D () C:\Windows\SysWOW64\DatabaseMotionWin32
2014-10-22 10:05 - 2014-09-26 20:14 - 00000000 ____D () C:\Users\Phil\AppData\Local\JollyBear
2014-10-22 10:05 - 2014-09-26 20:14 - 00000000 ____D () C:\ProgramData\JollyBear
2014-10-21 10:59 - 2014-10-14 21:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-21 10:59 - 2014-10-14 21:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-21 10:59 - 2014-10-10 07:53 - 00001318 _____ () C:\Windows\wininit.ini
Some content of TEMP:
====================
C:\Users\Phil\AppData\Local\Temp\-cktc5x4.dll
C:\Users\Phil\AppData\Local\Temp\228488-676829-adobe-flash-player.exe
C:\Users\Phil\AppData\Local\Temp\certutil.exe
C:\Users\Phil\AppData\Local\Temp\CloudBackup937.exe
C:\Users\Phil\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Phil\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Phil\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Phil\AppData\Local\Temp\msvcr71.dll
C:\Users\Phil\AppData\Local\Temp\nspr4.dll
C:\Users\Phil\AppData\Local\Temp\nss3.dll
C:\Users\Phil\AppData\Local\Temp\optprosetup.exe
C:\Users\Phil\AppData\Local\Temp\plc4.dll
C:\Users\Phil\AppData\Local\Temp\plds4.dll
C:\Users\Phil\AppData\Local\Temp\Quarantine.exe
C:\Users\Phil\AppData\Local\Temp\SHelp2.exe
C:\Users\Phil\AppData\Local\Temp\smime3.dll
C:\Users\Phil\AppData\Local\Temp\softokn3.dll
C:\Users\Phil\AppData\Local\Temp\sqlite3.dll
C:\Users\Phil\AppData\Local\Temp\thcumjhk.dll
C:\Users\Phil\AppData\Local\Temp\w0xqvjwv.dll
C:\Users\Phil\AppData\Local\Temp\we5jtynu.dll
C:\Users\Phil\AppData\Local\Temp\zz7ts6bs.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 12:31
==================== End Of Log ============================
Malwarebytes found a lot of PUP's (potentially unwanted programs) so it would be a good idea to run it again to make sure there are no left overs. Please go through the instructions again before you run it to make the correct settings, Rootkit detection should have been enabled, the log shows it wasn't.
I also requested another scan with Adwcleaner and for you to post the new log. Please also confirm that you ran TFC and answer my question about a Proxy server.
Please make sure you read all the instructions I give you and respond accordingly or this will just take longer to complete, every time you miss something I need to make additional posts. Please also make sure you post complete logs, there is a bit missing off the end of the Malwarebytes log.
I also requested another scan with Adwcleaner and for you to post the new log. Please also confirm that you ran TFC and answer my question about a Proxy server.
Please make sure you read all the instructions I give you and respond accordingly or this will just take longer to complete, every time you miss something I need to make additional posts. Please also make sure you post complete logs, there is a bit missing off the end of the Malwarebytes log
.
Ok, we have a clean log from Malwarebytes, but not from Adwcleaner, please run Adwcleaner again and post the new log.
You have still not confirmed that you ran TFC, I cannot proceed with an FRST fix until I know for sure you have done this, please pay a little more attention.
Why have you posted a copy of my first post from your email. When you make a post you should look back to check it is all correct, you can use the orange Edit button at the bottom of the post to edit any mistakes or to add something you have missed.
You have still not confirmed that you ran TFC, I cannot proceed with an FRST fix until I know for sure you have done this, please pay a little more attention
.Why have you posted a copy of my first post from your email
. When you make a post you should look back to check it is all correct, you can use the orange Edit button at the bottom of the post to edit any mistakes or to add something you have missed.# AdwCleaner v4.101 - Report created 22/11/2014 at 11:10:02
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phil - PHIL-HP
# Running from : C:\Users\Phil\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Google Chrome v37.0.2062.120
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411011022&from=obw&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411011022&from=obw&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={394B92AB-81D0-498E-812F-DAFC94BB93DA}&action=default_search&k={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={394B92AB-81D0-498E-812F-DAFC94BB93DA}&action=default_search&k={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={89DCF1A8-0050-47CE-8DDB-C4887E79F265}&action=default_search&serpv=22&k={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={89DCF1A8-0050-47CE-8DDB-C4887E79F265}&action=default_search&serpv=22&k={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411011022&from=obw&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411011022&from=obw&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=40&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=0721217432854832&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412842935&from=tugs&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412842935&from=tugs&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN29323827421288614&ctid=CT3315042&UM=2
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN29323827421288614&ctid=CT3315042&UM=2
*************************
AdwCleaner[R0].txt - [28082 octets] - [23/10/2014 08:33:17]
AdwCleaner[R1].txt - [5174 octets] - [19/11/2014 08:52:05]
AdwCleaner[R2].txt - [1383 octets] - [21/11/2014 16:14:10]
AdwCleaner[R3].txt - [4199 octets] - [22/11/2014 11:00:06]
AdwCleaner[S0].txt - [25587 octets] - [23/10/2014 08:36:34]
AdwCleaner[S1].txt - [4537 octets] - [19/11/2014 08:56:44]
AdwCleaner[S2].txt - [1313 octets] - [21/11/2014 16:16:54]
AdwCleaner[S3].txt - [4148 octets] - [22/11/2014 11:10:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4208 octets] ##########
can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-11-2014
Ran by Phil (administrator) on PHIL-HP on 22-11-2014 11:16:44
Running from C:\Users\Phil\Downloads
Loaded Profile: Phil (Available profiles: Phil)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ICQ) C:\Users\Phil\AppData\Roaming\ICQM\icq.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-18] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-07] (SUPERAntiSpyware)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [iMesh] => "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [icq] => C:\Users\Phil\AppData\Roaming\ICQM\icq.exe [35224128 2014-09-20] (ICQ)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3569768352-949659789-3627985013-1000] => http=127.0.0.1:33976
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.freshy.com/general/newhometab.php?hometab=home&partner=10815&guid={ABB849B7-4ACC-4FA1-A251-34D5CB2F89FD}&i=
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A769B6DAAE6CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL =
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> {26810A5F-1041-4808-8BAC-8B4940F7ED5C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10815
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> No Name - {96B19418-0628-48F3-8784-1BF5FF11B309} - No File
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3569768352-949659789-3627985013-1000: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{30CD3668-32CE-DBFB-FA36-13792B87731B}] - C:\Program Files (x86)\ver7SpeeditUp\179.xpi
FF HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: Default -> hxxp://www.au.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.au.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{googleageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-19]
CHR Extension: (Google Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-19]
CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Kaspersky Protection) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-10-09]
CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-19]
CHR Extension: (Google Search) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-19]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-10-09]
CHR Extension: (Google Sheets) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-19]
CHR Extension: (Flipora: Mood-aware Website Recommendations) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnmfopkdlikmjcekmiclchejcpkapeji [2014-09-24]
CHR Extension: (Safe Money) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-10-11]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-10-11]
CHR Extension: (Virtual Keyboard) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-10-11]
CHR Extension: (TelevisionFanatic) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhllgfblonmjgobikneaoamdhneaecac [2014-10-18]
CHR Extension: (Google Wallet) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-19]
CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-19]
CHR Extension: (Anti-Banner) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-09]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-06-06]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-15] (Kaspersky Lab ZAO)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-18] (Portrait Displays, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-10-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-10-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-24] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-24] (n/a)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-12] ()
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-22 11:15 - 2014-11-22 11:15 - 00000000 ____D () C:\Users\Phil\Downloads\FRST-OlderVersion
2014-11-21 15:56 - 2014-11-21 15:56 - 00448512 _____ (OldTimer Tools) C:\Users\Phil\Downloads\TFC (1).exe
2014-11-20 16:29 - 2014-11-20 16:29 - 00090591 _____ () C:\Malware1.txt
2014-11-20 16:04 - 2014-11-22 11:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 16:03 - 2014-11-20 16:03 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 16:03 - 2014-11-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-20 16:03 - 2014-11-20 16:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-20 16:03 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-20 16:03 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-20 16:03 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 16:00 - 2014-11-20 16:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Phil\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-20 15:55 - 2014-11-20 15:55 - 00448512 _____ (OldTimer Tools) C:\Users\Phil\Downloads\TFC.exe
2014-11-20 04:39 - 2014-11-20 04:40 - 03845232 _____ () C:\Users\Phil\Downloads\sbsetup.exe
2014-11-20 04:35 - 2014-11-20 08:17 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForPhil.job
2014-11-20 04:35 - 2014-11-20 04:35 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPhil
2014-11-19 09:47 - 2014-11-19 09:47 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-19 09:05 - 2014-11-19 09:06 - 00037602 _____ () C:\Users\Phil\Downloads\Addition.txt
2014-11-19 09:03 - 2014-11-22 11:16 - 00025446 _____ () C:\Users\Phil\Downloads\FRST.txt
2014-11-19 09:03 - 2014-11-22 11:16 - 00000000 ____D () C:\FRST
2014-11-19 09:02 - 2014-11-22 11:15 - 02117632 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2014-11-19 08:50 - 2014-11-19 08:51 - 02140160 _____ () C:\Users\Phil\Downloads\AdwCleaner.exe
2014-11-19 07:14 - 2014-11-11 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:14 - 2014-11-11 11:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:14 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:14 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 12:06 - 2014-11-15 12:06 - 00000000 __SHD () C:\Users\Phil\AppData\Local\EmieBrowserModeList
2014-11-15 11:14 - 2014-11-22 11:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 11:14 - 2014-11-15 12:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-15 11:14 - 2014-11-15 12:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-15 11:14 - 2014-11-15 12:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-15 09:55 - 2014-11-15 09:55 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\UnknownFile
2014-11-14 21:31 - 2014-09-19 00:20 - 00012723 _____ () C:\Users\Phil\Documents\DriverRestore-License.txt
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Help
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 08:13 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 08:13 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 08:13 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 08:13 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 08:13 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:13 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:13 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 08:13 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 08:13 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 08:13 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 08:13 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:13 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 08:13 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 08:13 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 08:13 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 08:13 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 08:13 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 08:12 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 08:12 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 08:12 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 08:12 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 08:12 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 08:12 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 08:12 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 08:12 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 07:53 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 07:53 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 07:53 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 07:53 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 07:53 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 07:53 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 07:53 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 07:53 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 07:53 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 07:48 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 07:48 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 07:48 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 07:48 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 07:48 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 07:48 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 07:48 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 07:48 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 07:48 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 07:48 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 07:47 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 07:47 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 07:35 - 2014-11-13 07:36 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Maxthon3
2014-11-13 07:35 - 2014-11-13 07:35 - 00003578 _____ () C:\Windows\System32\Tasks\Maxthon Update
2014-11-13 07:35 - 2014-11-13 07:35 - 00001083 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\Program Files (x86)\Maxthon
2014-11-12 12:06 - 2014-11-12 12:06 - 00001963 _____ () C:\Users\Public\Desktop\Play Aerial Mahjong.lnk
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerial Mahjong
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\Program Files (x86)\Aerial Mahjong
2014-11-11 21:01 - 2014-11-11 21:01 - 00000000 ____D () C:\InstaShare
2014-11-11 09:42 - 2014-11-11 09:42 - 00258661 _____ () C:\Users\Phil\Documents\Clyde1.htm
2014-11-11 09:42 - 2014-11-11 09:42 - 00000000 ____D () C:\Users\Phil\Documents\Clyde1_files
2014-11-08 20:00 - 2014-11-20 16:20 - 00000000 ____D () C:\ProgramData\JdsPdTQL
2014-11-06 14:25 - 2014-11-06 14:25 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-06 14:24 - 2014-11-06 14:25 - 00003201 _____ () C:\Users\Phil\Desktop\Sophos Virus Removal Tool.lnk
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-10-25 09:29 - 2014-10-25 09:29 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-23 08:41 - 2014-10-23 08:41 - 00025587 _____ () C:\Users\Phil\Documents\AdwCleaner[S0].txt
2014-10-23 08:33 - 2014-11-22 11:10 - 00000000 ____D () C:\AdwCleaner
2014-10-23 08:00 - 2014-10-23 08:00 - 00000000 ____D () C:\ProgramData\812E
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-22 11:14 - 2014-09-19 20:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 11:13 - 2014-09-20 08:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-22 11:12 - 2014-10-09 14:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-22 11:12 - 2014-09-19 20:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 11:11 - 2011-09-13 09:39 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-22 11:11 - 2010-11-21 11:47 - 01748978 _____ () C:\Windows\PFRO.log
2014-11-22 11:11 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-22 11:11 - 2009-07-14 12:51 - 00045437 _____ () C:\Windows\setupact.log
2014-11-22 11:10 - 2014-09-19 20:34 - 01284151 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 10:58 - 2011-09-13 09:20 - 00000000 ____D () C:\ProgramData\Temp
2014-11-22 09:36 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 09:36 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 15:56 - 2014-09-28 09:00 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\SoftGrid Client
2014-11-21 15:28 - 2014-09-19 20:43 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0CF25CEB-2826-48CC-85E5-500F3D6BCD1E}
2014-11-21 09:09 - 2013-12-01 10:39 - 00000000 ____D () C:\Users\Phil\Documents\Personal
2014-11-21 09:09 - 2013-12-01 10:38 - 00000000 ____D () C:\Users\Phil\Documents\Bethanie
2014-11-20 16:17 - 2014-10-15 16:25 - 00000000 ____D () C:\Users\Phil\AppData\Local\ApplicationDatabaseTrash
2014-11-20 10:22 - 2014-09-20 21:05 - 00000000 ____D () C:\Users\Phil\AppData\Local\CrashDumps
2014-11-19 09:44 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-19 08:08 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Skype
2014-11-18 20:43 - 2014-10-20 10:35 - 00002166 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-18 20:36 - 2011-09-13 09:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-11-18 20:22 - 2014-09-19 20:43 - 00001845 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 14:50 - 2013-11-20 11:15 - 00000000 ____D () C:\Users\Phil\Documents\OTHERS
2014-11-15 16:21 - 2014-09-20 16:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-15 16:20 - 2014-10-11 16:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-15 12:09 - 2014-09-25 10:46 - 00000000 ____D () C:\Users\Phil\AppData\Local\Adobe
2014-11-15 11:16 - 2009-07-14 13:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 10:45 - 2011-09-13 09:28 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-11-15 10:45 - 2011-09-13 09:27 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-15 10:45 - 2011-09-13 09:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-15 09:55 - 2009-07-14 10:34 - 00000501 _____ () C:\Windows\win.ini
2014-11-14 12:39 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 07:55 - 2009-07-14 12:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 23:17 - 2014-09-20 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 23:12 - 2014-09-20 10:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 23:09 - 2014-09-19 20:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 23:09 - 2014-09-19 20:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 23:38 - 2014-10-12 09:11 - 00000000 ____D () C:\BigFishCache
2014-11-12 12:06 - 2014-10-22 10:05 - 00001258 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-11-10 19:35 - 2014-10-15 08:38 - 06160384 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤
2014-11-08 19:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Resources
2014-11-08 09:42 - 2014-09-19 21:09 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Games
2014-11-06 12:02 - 2014-10-11 13:14 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-11-04 21:34 - 2014-09-19 21:34 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPHIL-HP$
2014-11-04 21:34 - 2014-09-19 21:34 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForPHIL-HP$.job
2014-11-04 14:30 - 2010-11-21 11:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 00:16 - 2014-10-09 14:18 - 00002332 _____ () C:\Users\Phil\Desktop\Safe Money.lnk
2014-11-01 20:59 - 2014-10-09 14:18 - 00001126 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-10-31 10:54 - 2014-04-25 10:23 - 00000000 ____D () C:\Users\Phil\Documents\Social Club
2014-10-28 14:04 - 2014-09-19 20:36 - 00000000 ____D () C:\Users\Phil
2014-10-28 12:05 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-27 21:13 - 2014-09-20 16:30 - 00000000 ____D () C:\Users\Phil\Documents\My Received Files
2014-10-25 09:29 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Local\Skype
2014-10-25 09:29 - 2014-09-20 10:38 - 00000000 ____D () C:\ProgramData\Skype
2014-10-23 07:48 - 2014-09-19 20:37 - 00000000 ____D () C:\Users\Phil\AppData\Local\TouchSmartData
2014-10-23 07:47 - 2014-10-15 16:25 - 00000000 ____D () C:\Windows\SysWOW64\DatabaseMotionWin32
Some content of TEMP:
====================
C:\Users\Phil\AppData\Local\Temp\Quarantine.exe
C:\Users\Phil\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 12:31
==================== End Of Log ============================
Latest scan results and yes TFC was run prior to the other 2 scans
Phil T
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phil - PHIL-HP
# Running from : C:\Users\Phil\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Google Chrome v37.0.2062.120
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411011022&from=obw&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411011022&from=obw&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={394B92AB-81D0-498E-812F-DAFC94BB93DA}&action=default_search&k={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={394B92AB-81D0-498E-812F-DAFC94BB93DA}&action=default_search&k={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={89DCF1A8-0050-47CE-8DDB-C4887E79F265}&action=default_search&serpv=22&k={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={89DCF1A8-0050-47CE-8DDB-C4887E79F265}&action=default_search&serpv=22&k={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411011022&from=obw&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411011022&from=obw&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=40&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=0721217432854832&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412842935&from=tugs&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412842935&from=tugs&uid=HitachiXHDS721010CLA632_JP2940J829L7YV29L7YVX&q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN29323827421288614&ctid=CT3315042&UM=2
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN29323827421288614&ctid=CT3315042&UM=2
*************************
AdwCleaner[R0].txt - [28082 octets] - [23/10/2014 08:33:17]
AdwCleaner[R1].txt - [5174 octets] - [19/11/2014 08:52:05]
AdwCleaner[R2].txt - [1383 octets] - [21/11/2014 16:14:10]
AdwCleaner[R3].txt - [4199 octets] - [22/11/2014 11:00:06]
AdwCleaner[S0].txt - [25587 octets] - [23/10/2014 08:36:34]
AdwCleaner[S1].txt - [4537 octets] - [19/11/2014 08:56:44]
AdwCleaner[S2].txt - [1313 octets] - [21/11/2014 16:16:54]
AdwCleaner[S3].txt - [4148 octets] - [22/11/2014 11:10:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4208 octets] ##########
can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-11-2014
Ran by Phil (administrator) on PHIL-HP on 22-11-2014 11:16:44
Running from C:\Users\Phil\Downloads
Loaded Profile: Phil (Available profiles: Phil)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ICQ) C:\Users\Phil\AppData\Roaming\ICQM\icq.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-18] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-07] (SUPERAntiSpyware)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [iMesh] => "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [icq] => C:\Users\Phil\AppData\Roaming\ICQM\icq.exe [35224128 2014-09-20] (ICQ)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3569768352-949659789-3627985013-1000] => http=127.0.0.1:33976
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.freshy.com/general/newhometab.php?hometab=home&partner=10815&guid={ABB849B7-4ACC-4FA1-A251-34D5CB2F89FD}&i=
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A769B6DAAE6CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL =
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> {26810A5F-1041-4808-8BAC-8B4940F7ED5C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10815
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> No Name - {96B19418-0628-48F3-8784-1BF5FF11B309} - No File
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3569768352-949659789-3627985013-1000: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{30CD3668-32CE-DBFB-FA36-13792B87731B}] - C:\Program Files (x86)\ver7SpeeditUp\179.xpi
FF HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: Default -> hxxp://www.au.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.au.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google
ageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-19]
CHR Extension: (Google Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-19]
CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Kaspersky Protection) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-10-09]
CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-19]
CHR Extension: (Google Search) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-19]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-10-09]
CHR Extension: (Google Sheets) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-19]
CHR Extension: (Flipora: Mood-aware Website Recommendations) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnmfopkdlikmjcekmiclchejcpkapeji [2014-09-24]
CHR Extension: (Safe Money) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-10-11]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-10-11]
CHR Extension: (Virtual Keyboard) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-10-11]
CHR Extension: (TelevisionFanatic) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhllgfblonmjgobikneaoamdhneaecac [2014-10-18]
CHR Extension: (Google Wallet) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-19]
CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-19]
CHR Extension: (Anti-Banner) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-09]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-06-06]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-15] (Kaspersky Lab ZAO)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-18] (Portrait Displays, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-10-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-10-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-24] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-24] (n/a)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-12] ()
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-22 11:15 - 2014-11-22 11:15 - 00000000 ____D () C:\Users\Phil\Downloads\FRST-OlderVersion
2014-11-21 15:56 - 2014-11-21 15:56 - 00448512 _____ (OldTimer Tools) C:\Users\Phil\Downloads\TFC (1).exe
2014-11-20 16:29 - 2014-11-20 16:29 - 00090591 _____ () C:\Malware1.txt
2014-11-20 16:04 - 2014-11-22 11:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 16:03 - 2014-11-20 16:03 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 16:03 - 2014-11-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-20 16:03 - 2014-11-20 16:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-20 16:03 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-20 16:03 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-20 16:03 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 16:00 - 2014-11-20 16:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Phil\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-20 15:55 - 2014-11-20 15:55 - 00448512 _____ (OldTimer Tools) C:\Users\Phil\Downloads\TFC.exe
2014-11-20 04:39 - 2014-11-20 04:40 - 03845232 _____ () C:\Users\Phil\Downloads\sbsetup.exe
2014-11-20 04:35 - 2014-11-20 08:17 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForPhil.job
2014-11-20 04:35 - 2014-11-20 04:35 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPhil
2014-11-19 09:47 - 2014-11-19 09:47 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-19 09:05 - 2014-11-19 09:06 - 00037602 _____ () C:\Users\Phil\Downloads\Addition.txt
2014-11-19 09:03 - 2014-11-22 11:16 - 00025446 _____ () C:\Users\Phil\Downloads\FRST.txt
2014-11-19 09:03 - 2014-11-22 11:16 - 00000000 ____D () C:\FRST
2014-11-19 09:02 - 2014-11-22 11:15 - 02117632 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2014-11-19 08:50 - 2014-11-19 08:51 - 02140160 _____ () C:\Users\Phil\Downloads\AdwCleaner.exe
2014-11-19 07:14 - 2014-11-11 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:14 - 2014-11-11 11:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:14 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:14 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 12:06 - 2014-11-15 12:06 - 00000000 __SHD () C:\Users\Phil\AppData\Local\EmieBrowserModeList
2014-11-15 11:14 - 2014-11-22 11:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 11:14 - 2014-11-15 12:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-15 11:14 - 2014-11-15 12:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-15 11:14 - 2014-11-15 12:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-15 09:55 - 2014-11-15 09:55 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\UnknownFile
2014-11-14 21:31 - 2014-09-19 00:20 - 00012723 _____ () C:\Users\Phil\Documents\DriverRestore-License.txt
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Help
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 08:13 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 08:13 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 08:13 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 08:13 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 08:13 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:13 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:13 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 08:13 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 08:13 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 08:13 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 08:13 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:13 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 08:13 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 08:13 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 08:13 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 08:13 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 08:13 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 08:12 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 08:12 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 08:12 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 08:12 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 08:12 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 08:12 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 08:12 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 08:12 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 07:53 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 07:53 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 07:53 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 07:53 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 07:53 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 07:53 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 07:53 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 07:53 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 07:53 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 07:48 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 07:48 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 07:48 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 07:48 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 07:48 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 07:48 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 07:48 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 07:48 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 07:48 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 07:48 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 07:47 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 07:47 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 07:35 - 2014-11-13 07:36 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Maxthon3
2014-11-13 07:35 - 2014-11-13 07:35 - 00003578 _____ () C:\Windows\System32\Tasks\Maxthon Update
2014-11-13 07:35 - 2014-11-13 07:35 - 00001083 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\Program Files (x86)\Maxthon
2014-11-12 12:06 - 2014-11-12 12:06 - 00001963 _____ () C:\Users\Public\Desktop\Play Aerial Mahjong.lnk
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerial Mahjong
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\Program Files (x86)\Aerial Mahjong
2014-11-11 21:01 - 2014-11-11 21:01 - 00000000 ____D () C:\InstaShare
2014-11-11 09:42 - 2014-11-11 09:42 - 00258661 _____ () C:\Users\Phil\Documents\Clyde1.htm
2014-11-11 09:42 - 2014-11-11 09:42 - 00000000 ____D () C:\Users\Phil\Documents\Clyde1_files
2014-11-08 20:00 - 2014-11-20 16:20 - 00000000 ____D () C:\ProgramData\JdsPdTQL
2014-11-06 14:25 - 2014-11-06 14:25 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-06 14:24 - 2014-11-06 14:25 - 00003201 _____ () C:\Users\Phil\Desktop\Sophos Virus Removal Tool.lnk
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-10-25 09:29 - 2014-10-25 09:29 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-23 08:41 - 2014-10-23 08:41 - 00025587 _____ () C:\Users\Phil\Documents\AdwCleaner[S0].txt
2014-10-23 08:33 - 2014-11-22 11:10 - 00000000 ____D () C:\AdwCleaner
2014-10-23 08:00 - 2014-10-23 08:00 - 00000000 ____D () C:\ProgramData\812E
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-22 11:14 - 2014-09-19 20:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 11:13 - 2014-09-20 08:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-22 11:12 - 2014-10-09 14:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-22 11:12 - 2014-09-19 20:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 11:11 - 2011-09-13 09:39 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-22 11:11 - 2010-11-21 11:47 - 01748978 _____ () C:\Windows\PFRO.log
2014-11-22 11:11 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-22 11:11 - 2009-07-14 12:51 - 00045437 _____ () C:\Windows\setupact.log
2014-11-22 11:10 - 2014-09-19 20:34 - 01284151 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 10:58 - 2011-09-13 09:20 - 00000000 ____D () C:\ProgramData\Temp
2014-11-22 09:36 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 09:36 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 15:56 - 2014-09-28 09:00 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\SoftGrid Client
2014-11-21 15:28 - 2014-09-19 20:43 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0CF25CEB-2826-48CC-85E5-500F3D6BCD1E}
2014-11-21 09:09 - 2013-12-01 10:39 - 00000000 ____D () C:\Users\Phil\Documents\Personal
2014-11-21 09:09 - 2013-12-01 10:38 - 00000000 ____D () C:\Users\Phil\Documents\Bethanie
2014-11-20 16:17 - 2014-10-15 16:25 - 00000000 ____D () C:\Users\Phil\AppData\Local\ApplicationDatabaseTrash
2014-11-20 10:22 - 2014-09-20 21:05 - 00000000 ____D () C:\Users\Phil\AppData\Local\CrashDumps
2014-11-19 09:44 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-19 08:08 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Skype
2014-11-18 20:43 - 2014-10-20 10:35 - 00002166 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-18 20:36 - 2011-09-13 09:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-11-18 20:22 - 2014-09-19 20:43 - 00001845 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 14:50 - 2013-11-20 11:15 - 00000000 ____D () C:\Users\Phil\Documents\OTHERS
2014-11-15 16:21 - 2014-09-20 16:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-15 16:20 - 2014-10-11 16:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-15 12:09 - 2014-09-25 10:46 - 00000000 ____D () C:\Users\Phil\AppData\Local\Adobe
2014-11-15 11:16 - 2009-07-14 13:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 10:45 - 2011-09-13 09:28 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-11-15 10:45 - 2011-09-13 09:27 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-15 10:45 - 2011-09-13 09:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-15 09:55 - 2009-07-14 10:34 - 00000501 _____ () C:\Windows\win.ini
2014-11-14 12:39 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 07:55 - 2009-07-14 12:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 23:17 - 2014-09-20 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 23:12 - 2014-09-20 10:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 23:09 - 2014-09-19 20:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 23:09 - 2014-09-19 20:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 23:38 - 2014-10-12 09:11 - 00000000 ____D () C:\BigFishCache
2014-11-12 12:06 - 2014-10-22 10:05 - 00001258 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-11-10 19:35 - 2014-10-15 08:38 - 06160384 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤
2014-11-08 19:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Resources
2014-11-08 09:42 - 2014-09-19 21:09 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Games
2014-11-06 12:02 - 2014-10-11 13:14 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-11-04 21:34 - 2014-09-19 21:34 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPHIL-HP$
2014-11-04 21:34 - 2014-09-19 21:34 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForPHIL-HP$.job
2014-11-04 14:30 - 2010-11-21 11:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 00:16 - 2014-10-09 14:18 - 00002332 _____ () C:\Users\Phil\Desktop\Safe Money.lnk
2014-11-01 20:59 - 2014-10-09 14:18 - 00001126 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-10-31 10:54 - 2014-04-25 10:23 - 00000000 ____D () C:\Users\Phil\Documents\Social Club
2014-10-28 14:04 - 2014-09-19 20:36 - 00000000 ____D () C:\Users\Phil
2014-10-28 12:05 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-27 21:13 - 2014-09-20 16:30 - 00000000 ____D () C:\Users\Phil\Documents\My Received Files
2014-10-25 09:29 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Local\Skype
2014-10-25 09:29 - 2014-09-20 10:38 - 00000000 ____D () C:\ProgramData\Skype
2014-10-23 07:48 - 2014-09-19 20:37 - 00000000 ____D () C:\Users\Phil\AppData\Local\TouchSmartData
2014-10-23 07:47 - 2014-10-15 16:25 - 00000000 ____D () C:\Windows\SysWOW64\DatabaseMotionWin32
Some content of TEMP:
====================
C:\Users\Phil\AppData\Local\Temp\Quarantine.exe
C:\Users\Phil\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 12:31
==================== End Of Log ============================
Latest scan results and yes TFC was run prior to the other 2 scans
Phil T
Adwcleaner log shows a bunch of items removed from Google, but no further Adware found anywhere else.
Why did you post a log from FRST, I didn't ask for it.
Now we can do the clean up with FRST, please follow these instructions very carefully and post the results.
We are now going to run FRST in a different way.
NOTE: This fix has been written specifically for the PC being dealt with in this thread, if you run it on another system it may have undesirable consequences. If you have a similar problem, ask for help by opening a new thread in the appropriate forum.
Why did you post a log from FRST, I didn't ask for it
.Now we can do the clean up with FRST, please follow these instructions very carefully and post the results.
We are now going to run FRST in a different way.
- IMPORTANT---> First download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.
- Launch FRST by double clicking on it. DO NOT click on the Scan button or check any of the boxes.
- You may see a message that an update is installing, if so the program will close when the update completes, you will then need to double click on FRST to open it again.
- When the FRST window opens click on the Fix button just once and wait.
- You will see a message confirming the fix has been run and the log saved, click on OK and the Fixlog will open. Copy & Paste the full log it into your next reply.
NOTE: This fix has been written specifically for the PC being dealt with in this thread, if you run it on another system it may have undesirable consequences. If you have a similar problem, ask for help by opening a new thread in the appropriate forum.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Phil (administrator) on PHIL-HP on 24-11-2014 10:15:52
Running from C:\Users\Phil\Downloads
Loaded Profile: Phil (Available profiles: Phil)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ICQ) C:\Users\Phil\AppData\Roaming\ICQM\icq.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-18] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-07] (SUPERAntiSpyware)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [iMesh] => "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [icq] => C:\Users\Phil\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3569768352-949659789-3627985013-1000] => http=127.0.0.1:33976
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.freshy.com/general/newhometab.php?hometab=home&partner=10815&guid={ABB849B7-4ACC-4FA1-A251-34D5CB2F89FD}&i=
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A769B6DAAE6CF01
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL =
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> {26810A5F-1041-4808-8BAC-8B4940F7ED5C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10815
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> No Name - {96B19418-0628-48F3-8784-1BF5FF11B309} - No File
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3569768352-949659789-3627985013-1000: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_ke[email protected]
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{30CD3668-32CE-DBFB-FA36-13792B87731B}] - C:\Program Files (x86)\ver7SpeeditUp\179.xpi
FF HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: Default -> hxxp://www.au.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.au.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{googleageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-19]
CHR Extension: (Google Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-19]
CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Kaspersky Protection) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-10-09]
CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-19]
CHR Extension: (Google Search) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-19]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-10-09]
CHR Extension: (Google Sheets) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-19]
CHR Extension: (Flipora: Mood-aware Website Recommendations) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnmfopkdlikmjcekmiclchejcpkapeji [2014-09-24]
CHR Extension: (Safe Money) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-10-11]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-10-11]
CHR Extension: (Virtual Keyboard) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-10-11]
CHR Extension: (TelevisionFanatic) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhllgfblonmjgobikneaoamdhneaecac [2014-10-18]
CHR Extension: (Google Wallet) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-19]
CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-19]
CHR Extension: (Anti-Banner) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-09]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-06-06]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-15] (Kaspersky Lab ZAO)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-18] (Portrait Displays, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-10-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-10-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-24] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-24] (n/a)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-12] ()
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-24 10:13 - 2014-11-24 10:15 - 00025028 _____ () C:\Users\Phil\Downloads\FRST.txt
2014-11-23 20:25 - 2014-11-23 20:25 - 00001802 _____ () C:\Users\Phil\Desktop\ICQ.lnk
2014-11-23 20:25 - 2014-11-23 20:25 - 00001660 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2014-11-23 20:25 - 2014-11-23 20:25 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\ICQM
2014-11-23 20:17 - 2014-11-23 20:22 - 35212808 _____ (ICQ) C:\Users\Phil\Downloads\icq_rfrset.exe
2014-11-23 20:00 - 2014-11-23 20:00 - 00638888 _____ (Oracle Corporation) C:\Users\Phil\Downloads\chromeinstall-8u25.exe
2014-11-23 08:47 - 2014-11-23 08:47 - 00001782 _____ () C:\Users\Phil\Downloads\fixlist (1).txt
2014-11-22 20:15 - 2014-11-22 20:15 - 00001782 _____ () C:\Users\Phil\Downloads\fixlist.txt
2014-11-22 11:15 - 2014-11-24 10:15 - 00000000 ____D () C:\Users\Phil\Downloads\FRST-OlderVersion
2014-11-21 15:56 - 2014-11-21 15:56 - 00448512 _____ (OldTimer Tools) C:\Users\Phil\Downloads\TFC (1).exe
2014-11-20 16:29 - 2014-11-20 16:29 - 00090591 _____ () C:\Malware1.txt
2014-11-20 16:04 - 2014-11-24 09:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 16:03 - 2014-11-20 16:03 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 16:03 - 2014-11-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-20 16:03 - 2014-11-20 16:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-20 16:03 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-20 16:03 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-20 16:03 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 16:00 - 2014-11-20 16:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Phil\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-20 15:55 - 2014-11-20 15:55 - 00448512 _____ (OldTimer Tools) C:\Users\Phil\Downloads\TFC.exe
2014-11-20 04:39 - 2014-11-20 04:40 - 03845232 _____ () C:\Users\Phil\Downloads\sbsetup.exe
2014-11-20 04:35 - 2014-11-22 23:44 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForPhil.job
2014-11-20 04:35 - 2014-11-22 16:17 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPhil
2014-11-19 09:47 - 2014-11-19 09:47 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-19 09:05 - 2014-11-19 09:06 - 00037602 _____ () C:\Users\Phil\Downloads\Addition.txt
2014-11-19 09:03 - 2014-11-24 10:15 - 00000000 ____D () C:\FRST
2014-11-19 09:02 - 2014-11-24 10:15 - 02118144 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2014-11-19 08:50 - 2014-11-19 08:51 - 02140160 _____ () C:\Users\Phil\Downloads\AdwCleaner.exe
2014-11-19 07:14 - 2014-11-11 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:14 - 2014-11-11 11:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:14 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:14 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 12:06 - 2014-11-15 12:06 - 00000000 __SHD () C:\Users\Phil\AppData\Local\EmieBrowserModeList
2014-11-15 11:14 - 2014-11-24 10:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 11:14 - 2014-11-15 12:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-15 11:14 - 2014-11-15 12:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-15 11:14 - 2014-11-15 12:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-15 09:55 - 2014-11-15 09:55 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\UnknownFile
2014-11-14 21:31 - 2014-09-19 00:20 - 00012723 _____ () C:\Users\Phil\Documents\DriverRestore-License.txt
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Help
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 08:13 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 08:13 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 08:13 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 08:13 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 08:13 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:13 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:13 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 08:13 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 08:13 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 08:13 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 08:13 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:13 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 08:13 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 08:13 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 08:13 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 08:13 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 08:13 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 08:12 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 08:12 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 08:12 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 08:12 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 08:12 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 08:12 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 08:12 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 08:12 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 07:53 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 07:53 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 07:53 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 07:53 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 07:53 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 07:53 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 07:53 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 07:53 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 07:53 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 07:48 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 07:48 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 07:48 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 07:48 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 07:48 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 07:48 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 07:48 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 07:48 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 07:48 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 07:48 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 07:47 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 07:47 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 07:35 - 2014-11-13 07:36 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Maxthon3
2014-11-13 07:35 - 2014-11-13 07:35 - 00003578 _____ () C:\Windows\System32\Tasks\Maxthon Update
2014-11-13 07:35 - 2014-11-13 07:35 - 00001083 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\Program Files (x86)\Maxthon
2014-11-12 12:06 - 2014-11-12 12:06 - 00001963 _____ () C:\Users\Public\Desktop\Play Aerial Mahjong.lnk
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerial Mahjong
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\Program Files (x86)\Aerial Mahjong
2014-11-11 21:01 - 2014-11-11 21:01 - 00000000 ____D () C:\InstaShare
2014-11-11 09:42 - 2014-11-11 09:42 - 00258661 _____ () C:\Users\Phil\Documents\Clyde1.htm
2014-11-11 09:42 - 2014-11-11 09:42 - 00000000 ____D () C:\Users\Phil\Documents\Clyde1_files
2014-11-08 20:00 - 2014-11-20 16:20 - 00000000 ____D () C:\ProgramData\JdsPdTQL
2014-11-06 14:25 - 2014-11-06 14:25 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-06 14:24 - 2014-11-06 14:25 - 00003201 _____ () C:\Users\Phil\Desktop\Sophos Virus Removal Tool.lnk
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-10-25 09:29 - 2014-10-25 09:29 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-24 10:14 - 2014-09-19 20:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-24 10:01 - 2011-09-13 09:20 - 00000000 ____D () C:\ProgramData\Temp
2014-11-24 08:40 - 2014-10-09 14:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-24 08:29 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 08:29 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 08:26 - 2014-09-19 20:34 - 01356140 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 08:23 - 2014-09-20 08:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-24 08:23 - 2014-09-19 20:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-24 08:22 - 2011-09-13 09:39 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-24 08:22 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 08:22 - 2009-07-14 12:51 - 00045661 _____ () C:\Windows\setupact.log
2014-11-23 22:52 - 2014-09-28 09:00 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\SoftGrid Client
2014-11-23 20:25 - 2014-09-20 08:38 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2014-11-23 20:01 - 2014-09-20 13:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-23 19:53 - 2014-09-20 13:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-23 16:51 - 2014-09-19 20:43 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0CF25CEB-2826-48CC-85E5-500F3D6BCD1E}
2014-11-22 16:17 - 2014-10-11 16:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-22 16:17 - 2014-09-20 16:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-22 11:41 - 2013-12-01 10:38 - 00000000 ____D () C:\Users\Phil\Documents\Bethanie
2014-11-22 11:11 - 2010-11-21 11:47 - 01748978 _____ () C:\Windows\PFRO.log
2014-11-22 11:10 - 2014-10-23 08:33 - 00000000 ____D () C:\AdwCleaner
2014-11-21 09:09 - 2013-12-01 10:39 - 00000000 ____D () C:\Users\Phil\Documents\Personal
2014-11-20 16:17 - 2014-10-15 16:25 - 00000000 ____D () C:\Users\Phil\AppData\Local\ApplicationDatabaseTrash
2014-11-20 10:22 - 2014-09-20 21:05 - 00000000 ____D () C:\Users\Phil\AppData\Local\CrashDumps
2014-11-19 09:44 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-19 08:08 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Skype
2014-11-18 20:43 - 2014-10-20 10:35 - 00002166 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-18 20:36 - 2011-09-13 09:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-11-18 20:22 - 2014-09-19 20:43 - 00001845 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 14:50 - 2013-11-20 11:15 - 00000000 ____D () C:\Users\Phil\Documents\OTHERS
2014-11-15 12:09 - 2014-09-25 10:46 - 00000000 ____D () C:\Users\Phil\AppData\Local\Adobe
2014-11-15 11:16 - 2009-07-14 13:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 10:45 - 2011-09-13 09:28 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-11-15 10:45 - 2011-09-13 09:27 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-15 10:45 - 2011-09-13 09:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-15 09:55 - 2009-07-14 10:34 - 00000501 _____ () C:\Windows\win.ini
2014-11-14 12:39 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 07:55 - 2009-07-14 12:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 23:17 - 2014-09-20 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 23:12 - 2014-09-20 10:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 23:09 - 2014-09-19 20:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 23:09 - 2014-09-19 20:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 23:38 - 2014-10-12 09:11 - 00000000 ____D () C:\BigFishCache
2014-11-12 12:06 - 2014-10-22 10:05 - 00001258 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-11-10 19:35 - 2014-10-15 08:38 - 06160384 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤
2014-11-08 19:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Resources
2014-11-08 09:42 - 2014-09-19 21:09 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Games
2014-11-06 12:02 - 2014-10-11 13:14 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-11-04 21:34 - 2014-09-19 21:34 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPHIL-HP$
2014-11-04 21:34 - 2014-09-19 21:34 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForPHIL-HP$.job
2014-11-04 14:30 - 2010-11-21 11:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 00:16 - 2014-10-09 14:18 - 00002332 _____ () C:\Users\Phil\Desktop\Safe Money.lnk
2014-11-01 20:59 - 2014-10-09 14:18 - 00001126 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-10-31 10:54 - 2014-04-25 10:23 - 00000000 ____D () C:\Users\Phil\Documents\Social Club
2014-10-28 14:04 - 2014-09-19 20:36 - 00000000 ____D () C:\Users\Phil
2014-10-28 12:05 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-27 21:13 - 2014-09-20 16:30 - 00000000 ____D () C:\Users\Phil\Documents\My Received Files
2014-10-25 09:29 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Local\Skype
2014-10-25 09:29 - 2014-09-20 10:38 - 00000000 ____D () C:\ProgramData\Skype
Some content of TEMP:
====================
C:\Users\Phil\AppData\Local\Temp\Quarantine.exe
C:\Users\Phil\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 12:31
==================== End Of Log ============================
Ran by Phil (administrator) on PHIL-HP on 24-11-2014 10:15:52
Running from C:\Users\Phil\Downloads
Loaded Profile: Phil (Available profiles: Phil)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ICQ) C:\Users\Phil\AppData\Roaming\ICQM\icq.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-18] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-07] (SUPERAntiSpyware)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [iMesh] => "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Run: [icq] => C:\Users\Phil\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3569768352-949659789-3627985013-1000] => http=127.0.0.1:33976
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.freshy.com/general/newhometab.php?hometab=home&partner=10815&guid={ABB849B7-4ACC-4FA1-A251-34D5CB2F89FD}&i=
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A769B6DAAE6CF01
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL =
SearchScopes: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> {26810A5F-1041-4808-8BAC-8B4940F7ED5C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10815
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> No Name - {96B19418-0628-48F3-8784-1BF5FF11B309} - No File
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3569768352-949659789-3627985013-1000: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_ke[email protected]
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-09]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{30CD3668-32CE-DBFB-FA36-13792B87731B}] - C:\Program Files (x86)\ver7SpeeditUp\179.xpi
FF HKU\S-1-5-21-3569768352-949659789-3627985013-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: Default -> hxxp://www.au.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.au.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google
ageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-19]
CHR Extension: (Google Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-19]
CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Kaspersky Protection) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-10-09]
CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-19]
CHR Extension: (Google Search) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-19]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-10-09]
CHR Extension: (Google Sheets) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-19]
CHR Extension: (Flipora: Mood-aware Website Recommendations) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnmfopkdlikmjcekmiclchejcpkapeji [2014-09-24]
CHR Extension: (Safe Money) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-10-11]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-10-11]
CHR Extension: (Virtual Keyboard) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-10-11]
CHR Extension: (TelevisionFanatic) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhllgfblonmjgobikneaoamdhneaecac [2014-10-18]
CHR Extension: (Google Wallet) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-19]
CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-19]
CHR Extension: (Anti-Banner) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-09]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-06-06]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-15] (Kaspersky Lab ZAO)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-18] (Portrait Displays, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-10-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-10-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-24] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-24] (n/a)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-12] ()
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-24 10:13 - 2014-11-24 10:15 - 00025028 _____ () C:\Users\Phil\Downloads\FRST.txt
2014-11-23 20:25 - 2014-11-23 20:25 - 00001802 _____ () C:\Users\Phil\Desktop\ICQ.lnk
2014-11-23 20:25 - 2014-11-23 20:25 - 00001660 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2014-11-23 20:25 - 2014-11-23 20:25 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\ICQM
2014-11-23 20:17 - 2014-11-23 20:22 - 35212808 _____ (ICQ) C:\Users\Phil\Downloads\icq_rfrset.exe
2014-11-23 20:00 - 2014-11-23 20:00 - 00638888 _____ (Oracle Corporation) C:\Users\Phil\Downloads\chromeinstall-8u25.exe
2014-11-23 08:47 - 2014-11-23 08:47 - 00001782 _____ () C:\Users\Phil\Downloads\fixlist (1).txt
2014-11-22 20:15 - 2014-11-22 20:15 - 00001782 _____ () C:\Users\Phil\Downloads\fixlist.txt
2014-11-22 11:15 - 2014-11-24 10:15 - 00000000 ____D () C:\Users\Phil\Downloads\FRST-OlderVersion
2014-11-21 15:56 - 2014-11-21 15:56 - 00448512 _____ (OldTimer Tools) C:\Users\Phil\Downloads\TFC (1).exe
2014-11-20 16:29 - 2014-11-20 16:29 - 00090591 _____ () C:\Malware1.txt
2014-11-20 16:04 - 2014-11-24 09:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 16:03 - 2014-11-20 16:03 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 16:03 - 2014-11-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-20 16:03 - 2014-11-20 16:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-20 16:03 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-20 16:03 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-20 16:03 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 16:00 - 2014-11-20 16:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Phil\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-20 15:55 - 2014-11-20 15:55 - 00448512 _____ (OldTimer Tools) C:\Users\Phil\Downloads\TFC.exe
2014-11-20 04:39 - 2014-11-20 04:40 - 03845232 _____ () C:\Users\Phil\Downloads\sbsetup.exe
2014-11-20 04:35 - 2014-11-22 23:44 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForPhil.job
2014-11-20 04:35 - 2014-11-22 16:17 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPhil
2014-11-19 09:47 - 2014-11-19 09:47 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-19 09:05 - 2014-11-19 09:06 - 00037602 _____ () C:\Users\Phil\Downloads\Addition.txt
2014-11-19 09:03 - 2014-11-24 10:15 - 00000000 ____D () C:\FRST
2014-11-19 09:02 - 2014-11-24 10:15 - 02118144 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2014-11-19 08:50 - 2014-11-19 08:51 - 02140160 _____ () C:\Users\Phil\Downloads\AdwCleaner.exe
2014-11-19 07:14 - 2014-11-11 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:14 - 2014-11-11 11:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:14 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:14 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 12:06 - 2014-11-15 12:06 - 00000000 __SHD () C:\Users\Phil\AppData\Local\EmieBrowserModeList
2014-11-15 11:14 - 2014-11-24 10:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 11:14 - 2014-11-15 12:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-15 11:14 - 2014-11-15 12:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-15 11:14 - 2014-11-15 12:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-15 09:55 - 2014-11-15 09:55 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\UnknownFile
2014-11-14 21:31 - 2014-09-19 00:20 - 00012723 _____ () C:\Users\Phil\Documents\DriverRestore-License.txt
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Help
2014-11-14 20:23 - 2014-11-14 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 08:13 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 08:13 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 08:13 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 08:13 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 08:13 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 08:13 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:13 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 08:13 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 08:13 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 08:13 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:13 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 08:13 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 08:13 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 08:13 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 08:13 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 08:13 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 08:13 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 08:13 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 08:13 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 08:13 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 08:13 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 08:13 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 08:13 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 08:13 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:13 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 08:13 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 08:13 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 08:13 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 08:13 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 08:13 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 08:12 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 08:12 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 08:12 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 08:12 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 08:12 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 08:12 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 08:12 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 08:12 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 07:53 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 07:53 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 07:53 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 07:53 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 07:53 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 07:53 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 07:53 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 07:53 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 07:53 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 07:48 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 07:48 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 07:48 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 07:48 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 07:48 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 07:48 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 07:48 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 07:48 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 07:48 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 07:48 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 07:48 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 07:48 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 07:48 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 07:48 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 07:47 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 07:47 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 07:35 - 2014-11-13 07:36 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Maxthon3
2014-11-13 07:35 - 2014-11-13 07:35 - 00003578 _____ () C:\Windows\System32\Tasks\Maxthon Update
2014-11-13 07:35 - 2014-11-13 07:35 - 00001083 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2014-11-13 07:35 - 2014-11-13 07:35 - 00000000 ____D () C:\Program Files (x86)\Maxthon
2014-11-12 12:06 - 2014-11-12 12:06 - 00001963 _____ () C:\Users\Public\Desktop\Play Aerial Mahjong.lnk
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerial Mahjong
2014-11-12 12:06 - 2014-11-12 12:06 - 00000000 ____D () C:\Program Files (x86)\Aerial Mahjong
2014-11-11 21:01 - 2014-11-11 21:01 - 00000000 ____D () C:\InstaShare
2014-11-11 09:42 - 2014-11-11 09:42 - 00258661 _____ () C:\Users\Phil\Documents\Clyde1.htm
2014-11-11 09:42 - 2014-11-11 09:42 - 00000000 ____D () C:\Users\Phil\Documents\Clyde1_files
2014-11-08 20:00 - 2014-11-20 16:20 - 00000000 ____D () C:\ProgramData\JdsPdTQL
2014-11-06 14:25 - 2014-11-06 14:25 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-06 14:24 - 2014-11-06 14:25 - 00003201 _____ () C:\Users\Phil\Desktop\Sophos Virus Removal Tool.lnk
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-06 14:24 - 2014-11-06 14:24 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-10-25 09:29 - 2014-10-25 09:29 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-25 09:29 - 2014-10-25 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-24 10:14 - 2014-09-19 20:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-24 10:01 - 2011-09-13 09:20 - 00000000 ____D () C:\ProgramData\Temp
2014-11-24 08:40 - 2014-10-09 14:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-24 08:29 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 08:29 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 08:26 - 2014-09-19 20:34 - 01356140 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 08:23 - 2014-09-20 08:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-24 08:23 - 2014-09-19 20:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-24 08:22 - 2011-09-13 09:39 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-24 08:22 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 08:22 - 2009-07-14 12:51 - 00045661 _____ () C:\Windows\setupact.log
2014-11-23 22:52 - 2014-09-28 09:00 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\SoftGrid Client
2014-11-23 20:25 - 2014-09-20 08:38 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2014-11-23 20:01 - 2014-09-20 13:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-23 19:53 - 2014-09-20 13:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-23 16:51 - 2014-09-19 20:43 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0CF25CEB-2826-48CC-85E5-500F3D6BCD1E}
2014-11-22 16:17 - 2014-10-11 16:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-22 16:17 - 2014-09-20 16:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-22 11:41 - 2013-12-01 10:38 - 00000000 ____D () C:\Users\Phil\Documents\Bethanie
2014-11-22 11:11 - 2010-11-21 11:47 - 01748978 _____ () C:\Windows\PFRO.log
2014-11-22 11:10 - 2014-10-23 08:33 - 00000000 ____D () C:\AdwCleaner
2014-11-21 09:09 - 2013-12-01 10:39 - 00000000 ____D () C:\Users\Phil\Documents\Personal
2014-11-20 16:17 - 2014-10-15 16:25 - 00000000 ____D () C:\Users\Phil\AppData\Local\ApplicationDatabaseTrash
2014-11-20 10:22 - 2014-09-20 21:05 - 00000000 ____D () C:\Users\Phil\AppData\Local\CrashDumps
2014-11-19 09:44 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-19 08:08 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Skype
2014-11-18 20:43 - 2014-10-20 10:35 - 00002166 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-18 20:36 - 2011-09-13 09:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-11-18 20:22 - 2014-09-19 20:43 - 00001845 _____ () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 14:50 - 2013-11-20 11:15 - 00000000 ____D () C:\Users\Phil\Documents\OTHERS
2014-11-15 12:09 - 2014-09-25 10:46 - 00000000 ____D () C:\Users\Phil\AppData\Local\Adobe
2014-11-15 11:16 - 2009-07-14 13:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 10:45 - 2011-09-13 09:28 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-11-15 10:45 - 2011-09-13 09:27 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-15 10:45 - 2011-09-13 09:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-15 09:55 - 2009-07-14 10:34 - 00000501 _____ () C:\Windows\win.ini
2014-11-14 12:39 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 07:55 - 2009-07-14 12:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 23:17 - 2014-09-20 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 23:12 - 2014-09-20 10:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 23:09 - 2014-09-19 20:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 23:09 - 2014-09-19 20:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 23:38 - 2014-10-12 09:11 - 00000000 ____D () C:\BigFishCache
2014-11-12 12:06 - 2014-10-22 10:05 - 00001258 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-11-10 19:35 - 2014-10-15 08:38 - 06160384 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤
2014-11-08 19:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Resources
2014-11-08 09:42 - 2014-09-19 21:09 - 00000000 ____D () C:\Users\Phil\AppData\Local\Microsoft Games
2014-11-06 12:02 - 2014-10-11 13:14 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-11-04 21:34 - 2014-09-19 21:34 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPHIL-HP$
2014-11-04 21:34 - 2014-09-19 21:34 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForPHIL-HP$.job
2014-11-04 14:30 - 2010-11-21 11:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 00:16 - 2014-10-09 14:18 - 00002332 _____ () C:\Users\Phil\Desktop\Safe Money.lnk
2014-11-01 20:59 - 2014-10-09 14:18 - 00001126 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-10-31 10:54 - 2014-04-25 10:23 - 00000000 ____D () C:\Users\Phil\Documents\Social Club
2014-10-28 14:04 - 2014-09-19 20:36 - 00000000 ____D () C:\Users\Phil
2014-10-28 12:05 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-27 21:13 - 2014-09-20 16:30 - 00000000 ____D () C:\Users\Phil\Documents\My Received Files
2014-10-25 09:29 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Local\Skype
2014-10-25 09:29 - 2014-09-20 10:38 - 00000000 ____D () C:\ProgramData\Skype
Some content of TEMP:
====================
C:\Users\Phil\AppData\Local\Temp\Quarantine.exe
C:\Users\Phil\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 12:31
==================== End Of Log ============================
Hope this is fine now
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Phil at 2014-11-27 21:17:09 Run:1
Running from C:\Users\Phil\Downloads
Loaded Profile: Phil (Available profiles: Phil)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3569768352-949659789-3627985013-1000] => http=127.0.0.1:33976
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
Toolbar: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> No Name - {96B19418-0628-48F3-8784-1BF5FF11B309} - No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin HKU\S-1-5-21-3569768352-949659789-3627985013-1000: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
Task: {B0E51BCD-FF2D-46EF-A879-293C750A802F} - System32\Tasks\PC Performer Scheduled Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {EE835894-4A09-4957-8306-0747D73E462D} - System32\Tasks\PC Performer Logon Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\44f212f3-448b-4b3f-99c1-81bcad79927e.job => C:\Program Files (x86)\HD-Quality-v3V09.10\44f212f3-448b-4b3f-99c1-81bcad79927e.exe <==== ATTENTION
Task: C:\Windows\Tasks\ebc69e93-e8aa-4939-97d7-d4352799c479-5_user.job => C:\Program Files (x86)\HD-Quality-v3V09.10\ebc69e93-e8aa-4939-97d7-d4352799c479-5.exe <==== ATTENTION
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{96B19418-0628-48F3-8784-1BF5FF11B309} => value deleted successfully.
"HKCR\CLSID\{96B19418-0628-48F3-8784-1BF5FF11B309}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter" => Key deleted successfully.
"HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\MozillaPlugins\iMeshPlugin" => Key deleted successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0E51BCD-FF2D-46EF-A879-293C750A802F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0E51BCD-FF2D-46EF-A879-293C750A802F}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Performer Scheduled Scan not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE835894-4A09-4957-8306-0747D73E462D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE835894-4A09-4957-8306-0747D73E462D}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Performer Logon Scan not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer Logon Scan" => Key deleted successfully.
C:\Windows\Tasks\44f212f3-448b-4b3f-99c1-81bcad79927e.job not found.
C:\Windows\Tasks\ebc69e93-e8aa-4939-97d7-d4352799c479-5_user.job not found.
==== End of Fixlog ====
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Phil at 2014-11-27 21:17:09 Run:1
Running from C:\Users\Phil\Downloads
Loaded Profile: Phil (Available profiles: Phil)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3569768352-949659789-3627985013-1000] => http=127.0.0.1:33976
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
Toolbar: HKU\S-1-5-21-3569768352-949659789-3627985013-1000 -> No Name - {96B19418-0628-48F3-8784-1BF5FF11B309} - No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin HKU\S-1-5-21-3569768352-949659789-3627985013-1000: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
Task: {B0E51BCD-FF2D-46EF-A879-293C750A802F} - System32\Tasks\PC Performer Scheduled Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {EE835894-4A09-4957-8306-0747D73E462D} - System32\Tasks\PC Performer Logon Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\44f212f3-448b-4b3f-99c1-81bcad79927e.job => C:\Program Files (x86)\HD-Quality-v3V09.10\44f212f3-448b-4b3f-99c1-81bcad79927e.exe <==== ATTENTION
Task: C:\Windows\Tasks\ebc69e93-e8aa-4939-97d7-d4352799c479-5_user.job => C:\Program Files (x86)\HD-Quality-v3V09.10\ebc69e93-e8aa-4939-97d7-d4352799c479-5.exe <==== ATTENTION
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3569768352-949659789-3627985013-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{96B19418-0628-48F3-8784-1BF5FF11B309} => value deleted successfully.
"HKCR\CLSID\{96B19418-0628-48F3-8784-1BF5FF11B309}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter" => Key deleted successfully.
"HKU\S-1-5-21-3569768352-949659789-3627985013-1000\Software\MozillaPlugins\iMeshPlugin" => Key deleted successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0E51BCD-FF2D-46EF-A879-293C750A802F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0E51BCD-FF2D-46EF-A879-293C750A802F}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Performer Scheduled Scan not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE835894-4A09-4957-8306-0747D73E462D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE835894-4A09-4957-8306-0747D73E462D}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Performer Logon Scan not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer Logon Scan" => Key deleted successfully.
C:\Windows\Tasks\44f212f3-448b-4b3f-99c1-81bcad79927e.job not found.
C:\Windows\Tasks\ebc69e93-e8aa-4939-97d7-d4352799c479-5_user.job not found.
==== End of Fixlog ====
1 - 20 of 23 Posts
- Status
