PDA

View Full Version : Can't fix the Somoto.BetterInstaller with Spybot!



Jess37
2015-02-08, 20:35
Okay so I did a scan with spybot because my informatic teacher told us to try that at home. So I had a lot of problem to fix so they all got fixed except Somoto.BetterInstaller. It says "some problem couldn't be fixed; the reason could be that associated files are still in use (memory). This could be fixed after a restart. (...)" but after the restart it said the same so... I don't know what to do anymore... The 2 things under somoto.betterinstaller are (SBI $B8A7F4F7) root class HKEY_LOCAL_MACHINE_\SOFTWARE\Classes\sdp and the second one is the same except that at the end it's \sdp (64 bit). And i don't know if it's related to the virus or something but i have weird shortcut on my desktop that appeared there when i just opened it (they look pale and have almost the same name as some of my file for my homework except there's an ~ instead of the first letter and then there's 2 file named desktop.ini pale too and 3 file named ~Wrl0373.tmp ~wrl2642.tmp ~wrl3180.tmp) they look suspicious :( :( :(

So, I've posted my problem in the wrong forum and they refered me here ^^ so I have the log
I have Spybot, Avast! anvtivirus, Hitmanpro 3.7

THANK YOU!!!! :)





FRST.txt :

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Jessica (administrator) on JESSICA-HP on 08-02-2015 13:31:30
Running from C:\Users\Jessica\Desktop
Loaded Profiles: Jessica (Available profiles: Jessica)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
( ) C:\Windows\System32\lxducoms.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AgentAntidote32] => C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe [1214496 2014-04-17] (Druide informatique inc.)
HKLM\...\Run: [AgentAntidote64] => C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe [1371680 2014-04-17] (Druide informatique inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 1999-12-31] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7032320 2014-09-02] (Broadcom Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [Google Update] => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-31] (Google Inc.)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {0f98fe82-32d1-11e4-bc44-806e6f6e6963} - D:\installer.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {872b4627-a482-11e2-a3cb-78e3b5657a3c} - G:\autorun.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {f5c6f352-f338-11e1-a99d-806e6f6e6963} - F:\Autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> {AF94605B-2A56-445D-AE0A-F49AB3139389} URL = http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=091513&q={searchTerms}&src=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://ca.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jessica\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jessica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\yahoo-avast.xml
FF Extension: Module d'Antidote - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\Extensions\antidote7_win_firefox_103@druide.com [2014-06-13]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-01-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-29]

Chrome:
=======
CHR HomePage: Default -> https://www.google.ca/?gfe_rd=cr&ei=0GqQU_6sDION8QeZp4HoDw
CHR StartupUrls: Default -> "https://www.google.ca/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HP Product Detection Plugin) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (Adblock Plus) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-20]
CHR Extension: (Grass) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome.S637RQSX4AEF2GNVA2WS2VIQTE - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-10] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( ) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-17] (Electronic Arts)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 1999-12-31] (IDT, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-09-02] (Broadcom Corporation) [File not signed]
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
S1 aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 13:31 - 2015-02-08 13:32 - 00030738 _____ () C:\Users\Jessica\Desktop\FRST.txt
2015-02-08 13:29 - 2015-02-08 13:31 - 00000000 ____D () C:\FRST
2015-02-08 13:29 - 2015-02-08 13:29 - 02132992 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2015-02-08 13:26 - 2015-02-08 13:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JESSICA-HP-Windows-7-Home-Premium-(64-bit).dat
2015-02-08 13:24 - 2015-02-08 13:24 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\RegBackup
2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-08 13:23 - 2015-02-08 13:23 - 04803888 _____ () C:\Users\Jessica\Desktop\tweaking.com_registry_backup_setup.exe
2015-02-02 16:57 - 2015-02-02 16:57 - 00001258 _____ () C:\Users\Jessica\Desktop\Spybot - Search & Destroy.lnk
2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-02-02 16:56 - 2015-02-02 17:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 16:56 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-02-01 21:16 - 2015-02-06 19:32 - 05163090 _____ () C:\Users\Jessica\Desktop\affiche cpac2.pptx
2015-01-21 15:20 - 2015-02-06 08:53 - 00000000 ____D () C:\Users\Jessica\Desktop\INFO1003
2015-01-18 10:47 - 2015-02-08 13:21 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJessica.job
2015-01-18 10:47 - 2015-02-08 13:20 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJessica
2015-01-15 21:09 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:42 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:42 - 2014-12-12 01:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:42 - 2014-12-12 01:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:42 - 2014-12-12 01:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:42 - 2014-12-12 01:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:42 - 2014-12-12 01:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:42 - 2014-12-12 01:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:42 - 2014-12-12 01:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:42 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:42 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:42 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:42 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 21:31 - 2015-01-11 22:02 - 00000000 ____D () C:\Foldit
2015-01-11 21:31 - 2015-01-11 21:31 - 00001408 _____ () C:\Users\Public\Desktop\Foldit.lnk
2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit
2015-01-11 13:16 - 2015-01-11 13:16 - 00000328 _____ () C:\Users\Jessica\Desktop\HP Printer Diagnostic Tools.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 13:32 - 2012-08-31 18:21 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
2015-02-08 13:31 - 2012-01-14 11:31 - 01071901 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 13:23 - 2012-08-31 21:07 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F39F52ED-33BB-48EE-8D13-48634EE5AB17}
2015-02-08 13:22 - 2013-09-29 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-08 13:21 - 2012-08-31 18:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
2015-02-08 13:20 - 2014-09-02 15:15 - 00022223 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-08 13:20 - 2012-10-03 15:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 13:20 - 2012-09-30 20:39 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
2015-02-08 13:20 - 2012-09-30 20:39 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
2015-02-08 13:20 - 2012-09-17 15:18 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 13:20 - 2012-09-17 15:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 21:09 - 2014-01-22 19:16 - 00000000 ____D () C:\Users\Jessica\Desktop\autre
2015-02-06 21:08 - 2015-01-04 11:32 - 00000000 ____D () C:\Users\Jessica\Desktop\Hiver 2015
2015-02-06 21:07 - 2012-11-27 22:28 - 00000000 ____D () C:\Users\Jessica\Desktop\photos
2015-02-06 21:07 - 2012-09-09 09:55 - 00000000 ____D () C:\Users\Jessica\Desktop\UdeM
2015-02-06 21:01 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 21:01 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 20:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 20:52 - 2012-08-31 18:47 - 00000000 ____D () C:\Windows\Corel
2015-02-06 20:52 - 2010-11-20 23:47 - 00870788 _____ () C:\Windows\PFRO.log
2015-02-06 20:52 - 2009-07-14 00:51 - 00100969 _____ () C:\Windows\setupact.log
2015-02-06 19:02 - 2012-10-03 15:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 19:02 - 2012-10-03 15:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 19:02 - 2011-10-31 19:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 18:01 - 2015-01-05 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-06 18:01 - 2014-05-20 18:47 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-02-06 08:53 - 2009-07-14 01:13 - 00784366 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 08:49 - 2012-08-31 18:22 - 00002376 _____ () C:\Users\Jessica\Desktop\Google Chrome.lnk
2015-02-06 08:45 - 2012-08-31 10:28 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Skype
2015-02-05 10:57 - 2012-08-31 18:21 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA
2015-02-05 10:57 - 2012-08-31 18:21 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core
2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ____D () C:\ProgramData\Skype
2015-01-28 16:03 - 2012-08-31 18:20 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Deployment
2015-01-28 15:53 - 2012-09-03 10:02 - 00075264 ___SH () C:\Users\Jessica\Documents\Thumbs.db
2015-01-28 09:05 - 2012-09-02 19:04 - 00000000 ____D () C:\Users\Jessica\AppData\Local\CrashDumps
2015-01-26 23:50 - 2012-09-01 18:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-25 18:50 - 2013-01-21 12:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-25 18:50 - 2012-09-01 18:55 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-21 16:33 - 2012-09-01 18:07 - 00000000 ____D () C:\ProgramData\Origin
2015-01-19 09:59 - 2015-01-04 11:10 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\HpUpdate
2015-01-17 12:55 - 2013-09-18 07:25 - 00000000 ____D () C:\Users\Jessica\Downloads\Druide_Téléchargement
2015-01-15 21:15 - 2013-08-15 01:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 20:56 - 2012-09-01 09:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 10:40 - 2009-07-14 00:45 - 00497848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 21:27 - 2014-02-09 21:21 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Origin
2015-01-11 21:25 - 2012-08-31 21:32 - 00136880 _____ () C:\Users\Jessica\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2012-08-31 19:00 - 2012-08-31 19:00 - 0012358 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JCM.{PB
2012-08-31 19:00 - 2012-08-31 19:00 - 0061678 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JPR.{PB
2014-01-28 15:38 - 2014-01-28 15:38 - 0018408 _____ () C:\Users\Jessica\AppData\Roaming\UserTile.png
2014-08-30 09:59 - 2014-10-02 04:11 - 0000069 _____ () C:\Users\Jessica\AppData\Roaming\WB.CFG
2014-03-02 18:34 - 2014-03-02 18:34 - 0000218 _____ () C:\Users\Jessica\AppData\Local\recently-used.xbel
2015-01-04 11:09 - 2015-01-04 11:09 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Jessica\jagex_cl_runescape_LIVE.dat
C:\Users\Jessica\random.dat


Some content of TEMP:
====================
C:\Users\Jessica\AppData\Local\Temp\rootsupd.exe
C:\Users\Jessica\AppData\Local\Temp\Tsu081D9226.dll
C:\Users\Jessica\AppData\Local\Temp\Tsu58C84C53.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 00:21

==================== End Of Log ============================

Addition.txt :

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Jessica at 2015-02-08 13:33:00
Running from C:\Users\Jessica\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Antidote 8 (HKLM-x32\...\{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8}) (Version: 8.04.1237 - Druide informatique inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assistant de téléchargement (HKLM-x32\...\{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}) (Version: 6.65.13 - Druide informatique inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.148 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.148 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-295CN (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Caesar 3 (HKLM-x32\...\Caesar 3) (Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Coffee Tycoon (HKLM-x32\...\Coffee Tycoon) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Creatures Albian Years (HKLM-x32\...\GOGPACKCREATURESALBIANYEARS_is1) (Version: 2.0.0.15 - GOG.com)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4422 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Copy - Despicable Me 2 (HKLM-x32\...\Digital Copy - Despicable Me 2) (Version: - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foldit (HKLM-x32\...\Foldit) (Version: - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass PE 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6466.0 - IDT)
Influent - Language Learning Game version 4.0 (HKLM-x32\...\{B7437202-B014-4FF9-8C2C-3351873850EA}_is1) (Version: 4.0 - Three Flip Studios)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.6.1000 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyFreeze (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\266e56dfe0bcee5a) (Version: 1.0.0.1 - KeyFreeze)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft1.4.7 (HKLM-x32\...\Minecraft1.4.7) (Version: - )
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Parker Brothers Classic Card Games (HKLM-x32\...\ClassicCard) (Version: - )
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhoneClean 3.1.0 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 3.1.0 - iMobie Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Sid Meier's Ace Patrol (HKLM-x32\...\Steam App 244070) (Version: - Firaxis Games)
Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version: - Firaxis Games)
Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version: - Firaxis Games)
Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version: - Firaxis Games)
Sid Meier's Civilization IV: Colonization (HKLM-x32\...\Steam App 16810) (Version: - Firaxis Games)
Sid Meier's Civilization IV: Warlords (HKLM-x32\...\Steam App 3990) (Version: - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sid Meier's Railroads! (HKLM-x32\...\Steam App 7600) (Version: - Firaxis Games)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{539CD9D5-487D-4C5A-A7BE-FA0C787C4D61}) (Version: 2.2.3.0 - Husdawg, LLC)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims Medieval Pirates and Nobles (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
The Sims(tm) Medieval (HKLM-x32\...\{D3F66B94-DF84-4686-832E-D5761B478BF0}) (Version: 2.0.113.00107 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trade Empires (remove only) (HKLM-x32\...\Trade Empires) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.0 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Utilitaires Sierra (HKLM-x32\...\Utilitaires Sierra) (Version: - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zoo Tycoon 2 - Zookeeper Collection (HKLM-x32\...\InstallShield_{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Zookeeper Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{5563940C-ABF0-47B4-BB0E-B5D8680B570A}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\MoteurIntegration.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{5563940D-49FD-4F1A-96AA-147B474290EE}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\MoteurIntegration.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8E}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8F}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\Antidote.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{AD630E0F-BF29-4791-AD3B-A289E884E37C}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\Antidote.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

13-01-2015 13:27:08 Windows Update
15-01-2015 21:15:59 Windows Modules Installer
16-01-2015 08:47:47 Windows Update
20-01-2015 11:04:03 Windows Update
28-01-2015 09:09:42 Windows Update
03-02-2015 15:04:06 Windows Update
06-02-2015 18:50:38 OTL Restore Point - 06/02/2015 6:50:32 PM

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AE8BD4F-B333-431C-B30F-84DEFAB00705} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {1B6A4A05-6555-4DB2-9920-EE08C7C889EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
Task: {1BBA5FDC-3AA7-435A-8F54-38FEAAB8A0B9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {1BC0FC16-EE23-486C-BFEC-558130761A7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {21203EDA-3CAD-4376-8138-7B15D5635D89} - System32\Tasks\{94672513-310A-4752-B1EF-9D085521CBDE} => pcalua.exe -a "C:\Users\Jessica\Desktop\Coffee Tycoon By ripgamingzone.blogspot.com.exe" -d C:\Users\Jessica\Desktop
Task: {2B2DFD4C-E92D-40A1-80D5-11F693C317B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {35A0919D-4673-4B5A-B988-638517C5B04C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Tune-up Postponed => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4FAB5426-7C74-4C3E-8F57-CD80B25131C1} - System32\Tasks\HPCeeScheduleForJessica => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {55546AFE-D86B-4EEE-97DE-FAB89355BE68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {564A7D01-8E8E-4221-B48F-D8CAB0088727} - System32\Tasks\{9DB6F380-C757-4C6E-A46F-3B88881CB136} => pcalua.exe -a "C:\Program Files\Microsoft Games\Age of Empires II\age2upa.exe" -d "C:\Program Files\Microsoft Games\Age of Empires II"
Task: {5690E9EA-06FD-4371-B71F-834A73264531} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
Task: {586220CC-14EA-4A2E-B859-A9637AA740AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {59356721-57C4-4526-8F63-BFAEFD23E63E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA => C:\Users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5E7548A6-FE9F-49C4-981E-EFB21FDE514B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {6146C269-5251-458B-A168-F1C49E28FDDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {69FD4A86-9200-439A-831D-225F33D7428A} - System32\Tasks\{8DA1DDE9-C13E-44F8-8E09-1ABC80F963BD} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
Task: {77D8277C-B573-4B15-B14B-161A1F216CC9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink)
Task: {77E21822-4971-48E2-89C6-A060FCA994FE} - System32\Tasks\{AA012DD7-EE07-4682-A5B7-B59D4BB76B7C} => pcalua.exe -a C:\Users\Jessica\Desktop\Age-of-Empires-II.exe -d C:\Users\Jessica\Desktop
Task: {790D69B7-3063-4EB0-A0FC-06936BE0280D} - System32\Tasks\{D5BEC335-1F00-41E1-A6E1-BDCE190F8071} => pcalua.exe -a C:\ProgramData\sAvEnsoharree,\LbA6W7x0oP.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {88966706-731C-4D07-AD2A-EEC73833FF04} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {8DE597E0-605F-4DA0-ACAC-873532091078} - System32\Tasks\{C821A77E-31DB-4387-960A-D95C237DBD6B} => pcalua.exe -a "C:\Program Files\Microsoft Games\Age of Empires II\SETUPREG.EXE" -d "C:\Program Files\Microsoft Games\Age of Empires II"
Task: {93F181FC-5E12-43AA-B30F-8EF690E46858} - System32\Tasks\{5D2186AD-918F-4BC5-9DDC-4F1B3A9C44B4} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
Task: {9BBF6F38-A844-40E7-809C-C92AEE69357C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B0C0F223-50C6-4A65-86C1-546B85AF5690} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B2EE0C39-ACD8-4F22-8F02-398D9774B29E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {CAB241E8-4C60-4473-A0C5-5511742CFA37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CF1B371C-5BBD-4606-86A1-5FE4805BEA38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F0343CF8-D106-428F-9131-FED303B49B61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
Task: {F0A26ECF-9632-4CDF-B199-5F3D8264AA4F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core => C:\Users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {F55A58FC-6854-47F5-A7B6-CCE0CD933E75} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job => C:\Users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job => C:\Users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJessica.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-09-01 14:03 - 2009-10-16 15:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2014-09-01 09:27 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-23 20:49 - 2014-09-23 09:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-06-27 19:18 - 2011-06-27 19:18 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2014-04-04 16:46 - 2014-04-04 16:46 - 00106824 _____ () C:\Program Files (x86)\Druide\Antidote 8\Programmes64\libwebsocketsDruide_8.dll
2011-08-09 11:44 - 2011-08-09 11:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-04 13:31 - 2014-08-04 13:31 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-06 08:45 - 2015-02-06 08:45 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
2015-02-08 13:21 - 2015-02-08 13:21 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020800\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-04 16:46 - 2014-04-04 16:46 - 00091976 _____ () C:\Program Files (x86)\Druide\Antidote 8\Programmes32\libwebsocketsDruide_8.dll
2014-08-04 13:31 - 2014-08-04 13:31 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-20 10:43 - 2014-03-20 10:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-23 20:48 - 2014-09-23 07:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-02-06 08:49 - 2015-02-04 05:02 - 01117512 _____ () C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 08:49 - 2015-02-04 05:02 - 00211272 _____ () C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 08:49 - 2015-02-04 05:02 - 09170760 _____ () C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2557544163-3699447316-167012314-500 - Administrator - Disabled)
Guest (S-1-5-21-2557544163-3699447316-167012314-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2557544163-3699447316-167012314-1008 - Limited - Enabled)
Jessica (S-1-5-21-2557544163-3699447316-167012314-1000 - Administrator - Enabled) => C:\Users\Jessica

==================== Faulty Device Manager Devices =============

Name: avast! Network Shield Support
Description: avast! Network Shield Support
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswTdi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 09:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpybotSD.exe version 1.6.2.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a14

Start Time: 01d0427124815639

Termination Time: 42

Application Path: C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

Report Id: 111aaf04-ae66-11e4-99e6-60d819dfe9ec

Error: (02/06/2015 08:53:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 07:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6a8

Start Time: 01d0425ea9bdf028

Termination Time: 15

Application Path: C:\Users\Jessica\Desktop\OTL.exe

Report Id:

Error: (02/06/2015 05:40:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50968303

Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50968303

Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50967289

Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50967289

Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/08/2015 01:20:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/08/2015 01:20:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/08/2015 01:20:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/07/2015 03:28:20 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/07/2015 03:28:16 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/07/2015 03:28:16 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/07/2015 03:28:15 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/07/2015 03:28:14 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/07/2015 03:28:14 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/07/2015 03:28:14 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (02/06/2015 09:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SpybotSD.exe1.6.2.461a1401d042712481563942C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe111aaf04-ae66-11e4-99e6-60d819dfe9ec

Error: (02/06/2015 08:53:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 07:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.06a801d0425ea9bdf02815C:\Users\Jessica\Desktop\OTL.exe

Error: (02/06/2015 05:40:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50968303

Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50968303

Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50967289

Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50967289

Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2014-10-01 17:56:44.165
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-01 17:56:43.633
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-20 22:39:54.791
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-20 22:39:54.776
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-20 22:39:53.606
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-20 22:39:53.590
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 6091.86 MB
Available physical RAM: 3088.17 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 9016.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:672.59 GB) (Free:432.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (TRADE_EMPIRES) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1E40B86E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=672.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

aswMBR.txt :

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-02-08 13:35:00
-----------------------------
13:35:00.323 OS Version: Windows x64 6.1.7601 Service Pack 1
13:35:00.323 Number of processors: 4 586 0x2A07
13:35:00.323 ComputerName: JESSICA-HP UserName: Jessica
13:35:02.850 Initialize success
13:35:02.866 VM: initialized successfully
13:35:02.881 VM: Intel CPU supported virtualizedSuspended
13:35:04.476 VM: disk I/O iaStorA.sys
13:35:07.743 AVAST engine defs: 15020800
13:35:13.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
13:35:13.511 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 11
13:35:13.678 Disk 0 MBR read successfully
13:35:13.685 Disk 0 MBR scan
13:35:13.694 Disk 0 Windows 7 default MBR code
13:35:13.775 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
13:35:13.784 Disk 0 default boot code
13:35:13.799 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 688732 MB offset 409600
13:35:13.833 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
13:35:13.972 Disk 0 scanning C:\Windows\system32\drivers
13:35:29.208 Service scanning
13:36:07.685 Modules scanning
13:36:07.687 Disk 0 trace - called modules:
13:36:07.701 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
13:36:07.702 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ad9060]
13:36:07.703 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8008949a70]
13:36:07.704 5 iaStorF.sys[fffff88001deaf84] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa80062675f0]
13:36:10.529 AVAST engine scan C:\Windows
13:36:14.029 AVAST engine scan C:\Windows\system32
13:40:09.217 AVAST engine scan C:\Windows\system32\drivers
13:40:28.896 AVAST engine scan C:\Users\Jessica
14:03:41.453 File: C:\Users\Jessica\Downloads\trzB778.tmp **INFECTED** Win32:Agent-AUVV [Trj]
14:08:34.001 AVAST engine scan C:\ProgramData
14:13:24.576 Disk 0 statistics 5376529/0/0 @ 1.41 MB/s
14:13:24.595 Scan finished successfully
14:15:05.405 Disk 0 MBR has been saved successfully to "C:\Users\Jessica\Desktop\MBR.dat"
14:15:05.421 The log file has been saved successfully to "C:\Users\Jessica\Desktop\aswMBR.txt"

OCD
2015-02-08, 22:22
Hi Jess37,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Please post the Spybot log.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

uTorrent
If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
C:\Users\Jessica\Downloads\trzB778.tmp
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
C:\Users\Jessica\jagex_cl_runescape_LIVE.dat
C:\Users\Jessica\random.dat
C:\Users\Jessica\AppData\Local\Temp\rootsupd.exe
C:\Users\Jessica\AppData\Local\Temp\Tsu081D9226.dll
C:\Users\Jessica\AppData\Local\Temp\Tsu58C84C53.dll
EmptyTemp:
CMD: ipconfig /flushdns
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that log file in your next reply.
A copy of all log files are saved in the C:\AdwCleaner folder which was created when running the tool.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run Farbar Recovery Scan Tool it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

Spybot log
checkup.txt
Fixlog.txt
AdwCleaner[R0].txt
new FRST.txt
What symptoms are you experiencing?

Jess37
2015-02-09, 02:25
Hi OCD! Thank you!

First, my laptop used to be use by my whole family so I didn't even know it was installed, thank you! It's uninstalled now

Second, I tried to do all the step in order, but my computer had to restart twice so I had to re-do my Security Check scan because I couldn't find the file after the restart.

Third, after the AdwCleaner, the file that opened was [S0] intead of [R0] but I'm gonna give you the [R0] that is in the C:\adwcleaner


Fourth, I don't really have symptoms... I just scanned my computer with Spybot after my teacher told the class to do so and I cleaned a few things but then the somoto thingy didn't want to clean. It was saying something about needing to restart because the file was still in use or in the memory :/ but after a restart it still couldn't be cleaned. So i did a bit of research on the net and it looked like it was hard to clean and then I found another person on that forum with that problem so since every computer is different I did my post :) The only weird thing that kinda scared me was that after I opened my computer, I had a few files with weird names and they weren't there before. They look pale just like hidden files. I took a print screen and I'm gonna put it as an attachment if you want to check it. There's nothing more than that. Oh when I restarted my laptop after the Security check, all my shortcut on the desktop were mixed and were everywhere on my desktop. I guess it's normal but just in case I'm telling you :) Ok so all the following logs are in order of the list you gave me at the end of your last post. And again thank you very much

Spybot log (Checks.150206-2102.txt) :


--- Report generated: 2015-02-06 21:02 ---


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2015-02-02 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2014-11-28 Includes\Adware-000.sbi (*)
2014-12-05 Includes\Adware-001.sbi (*)
2015-01-27 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-11-03 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2014-11-14 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2014-11-14 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-07-09 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-01-27 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-01-27 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2014-12-04 Includes\Spyware-000.sbi (*)
2014-12-09 Includes\Spyware-001.sbi (*)
2015-01-14 Includes\Spyware-C.sbi (*)
2014-01-13 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2014-01-15 Includes\Trojans-000.sbi (*)
2014-02-26 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-28 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-10-02 Includes\Trojans-005.sbi (*)
2014-09-02 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-11-03 Includes\Trojans-009.sbi (*)
2015-01-21 Includes\Trojans-C.sbi (*)
2014-04-25 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-10-06 Includes\Trojans-ZB-000.sbi (*)
2014-10-27 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-09 Includes\TrojansC-02.sbi (*)
2014-01-09 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

checkup.txt :

Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox 32.0.3 Firefox out of Date!
Google Chrome 34.0.1847.137 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Fixlog.txt :

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Jessica at 2015-02-08 19:31:29 Run:1
Running from C:\Users\Jessica\Desktop
Loaded Profiles: Jessica (Available profiles: Jessica)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
C:\Users\Jessica\Downloads\trzB778.tmp
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
C:\Users\Jessica\jagex_cl_runescape_LIVE.dat
C:\Users\Jessica\random.dat
C:\Users\Jessica\AppData\Local\Temp\rootsupd.exe
C:\Users\Jessica\AppData\Local\Temp\Tsu081D9226.dll
C:\Users\Jessica\AppData\Local\Temp\Tsu58C84C53.dll
EmptyTemp:
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.
C:\Users\Jessica\Downloads\trzB778.tmp => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{25E212C1-69E6-4924-90D3-CD7783E644F9}" => Key deleted successfully.
HKCR\CLSID\{25E212C1-69E6-4924-90D3-CD7783E644F9} => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
C:\Users\Jessica\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Jessica\random.dat => Moved successfully.
C:\Users\Jessica\AppData\Local\Temp\rootsupd.exe => Moved successfully.
C:\Users\Jessica\AppData\Local\Temp\Tsu081D9226.dll => Moved successfully.
C:\Users\Jessica\AppData\Local\Temp\Tsu58C84C53.dll => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 5.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 19:32:18 ====

AdwCleaner[R0].txt :

# AdwCleaner v3.311 - Report created 02/10/2014 at 21:12:32
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jessica - JESSICA-HP
# Running from : C:\Users\Jessica\Desktop\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****

Service Found : Util Caramava
Service Found : {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64

***** [ Files / Folders ] *****

File Found : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Jessica\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\astromenda.xml
File Found : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\trovi-search.xml
File Found : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\user.js
File Found : C:\Users\Jessica\AppData\Roaming\regsvr32.exe_log.txt
File Found : C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Astromenda
Folder Found : C:\Program Files (x86)\Caramava
Folder Found : C:\Program Files (x86)\savuEE Net
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\CheaupMMe
Folder Found : C:\ProgramData\JoniCouapon
Folder Found : C:\ProgramData\NetOCOuupono
Folder Found : C:\ProgramData\savuEE Net
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\Jessica\AppData\Local\Astromenda
Folder Found : C:\Users\Jessica\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgjlglddicjopgimohdcbmabacamll
Folder Found : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgjlglddicjopgimohdcbmabacamll
Folder Found : C:\Users\Jessica\AppData\Local\NativeMessaging
Folder Found : C:\Users\Jessica\AppData\Local\Temp\App Bud
Folder Found : C:\Users\Jessica\AppData\Local\torch
Folder Found : C:\Users\Jessica\AppData\Roaming\Astromenda
Folder Found : C:\Users\Jessica\AppData\Roaming\Systweak
Folder Found : C:\Users\Jessica\AppData\Roaming\VOPackage
Folder Found : C:\Users\Jessica\Documents\Optimizer Pro

***** [ Scheduled Tasks ] *****

Task Found : AmiUpdXp
Task Found : ASP
Task Found : Astromenda
Task Found : WSE_Astromenda

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Astromenda
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Astromenda
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\VBMZ
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v29.0.1 (en-GB)

[ File : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
Found [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg
Found [Extension] : klibnahbojhkanfgaglnlalfkgpcppfi
Found [Extension] : pfcgjlglddicjopgimohdcbmabacamll

*************************

AdwCleaner[R0].txt - [10402 octets] - [02/10/2014 21:12:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10463 octets] ##########

new FRST.txt :

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Jessica (administrator) on JESSICA-HP on 08-02-2015 19:46:28
Running from C:\Users\Jessica\Desktop
Loaded Profiles: Jessica (Available profiles: Jessica)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
( ) C:\Windows\System32\lxducoms.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{FF5553B1-D400-4CC3-A8E8-EF51D3FC0006}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files (x86)\GUM5456.tmp\GoogleUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AgentAntidote32] => C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe [1214496 2014-04-17] (Druide informatique inc.)
HKLM\...\Run: [AgentAntidote64] => C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe [1371680 2014-04-17] (Druide informatique inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 1999-12-31] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7032320 2014-09-02] (Broadcom Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [Google Update] => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-31] (Google Inc.)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {0f98fe82-32d1-11e4-bc44-806e6f6e6963} - D:\installer.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {872b4627-a482-11e2-a3cb-78e3b5657a3c} - G:\autorun.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {f5c6f352-f338-11e1-a99d-806e6f6e6963} - F:\Autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> {AF94605B-2A56-445D-AE0A-F49AB3139389} URL = http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=091513&q={searchTerms}&src=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory

FireFox:
========
FF ProfilePath: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://ca.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jessica\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jessica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\yahoo-avast.xml
FF Extension: Module d'Antidote - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\Extensions\antidote7_win_firefox_103@druide.com [2014-06-13]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-01-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-29]

Chrome:
=======
CHR HomePage: Default -> https://www.google.ca/?gfe_rd=cr&ei=0GqQU_6sDION8QeZp4HoDw
CHR StartupUrls: Default -> "https://www.google.ca/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Simple Pass 2012) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\npwebsitelogon.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Windows Live\™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Jessica\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HP Product Detection Plugin) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (Adblock Plus) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-20]
CHR Extension: (Grass) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome.S637RQSX4AEF2GNVA2WS2VIQTE - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-10] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( ) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-08] (Electronic Arts)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 1999-12-31] (IDT, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-09-02] (Broadcom Corporation) [File not signed]
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-08] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
S1 aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 19:46 - 2015-02-08 19:46 - 06103040 _____ () C:\Program Files (x86)\GUT5457.tmp
2015-02-08 19:46 - 2015-02-08 19:46 - 00000000 ____D () C:\Program Files (x86)\GUM5456.tmp
2015-02-08 19:38 - 2015-02-08 19:38 - 02112512 _____ () C:\Users\Jessica\Desktop\AdwCleaner.exe
2015-02-08 19:38 - 2015-02-08 19:38 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-02-08 19:16 - 2015-02-08 19:16 - 00852594 _____ () C:\Users\Jessica\Desktop\SecurityCheck.exe
2015-02-08 19:02 - 2015-02-08 19:02 - 00000000 ____D () C:\Users\Jessica\Desktop\CPAC2
2015-02-08 14:15 - 2015-02-08 14:15 - 00002357 _____ () C:\Users\Jessica\Desktop\aswMBR.txt
2015-02-08 14:15 - 2015-02-08 14:15 - 00000512 _____ () C:\Users\Jessica\Desktop\MBR.dat
2015-02-08 13:34 - 2015-02-08 13:34 - 05198336 _____ (AVAST Software) C:\Users\Jessica\Desktop\aswMBR.exe
2015-02-08 13:33 - 2015-02-08 13:33 - 00048611 _____ () C:\Users\Jessica\Desktop\Addition.txt
2015-02-08 13:31 - 2015-02-08 19:46 - 00030734 _____ () C:\Users\Jessica\Desktop\FRST.txt
2015-02-08 13:29 - 2015-02-08 19:46 - 00000000 ____D () C:\FRST
2015-02-08 13:29 - 2015-02-08 13:29 - 02132992 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2015-02-08 13:26 - 2015-02-08 13:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JESSICA-HP-Windows-7-Home-Premium-(64-bit).dat
2015-02-08 13:24 - 2015-02-08 13:24 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\RegBackup
2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-08 13:23 - 2015-02-08 13:23 - 04803888 _____ () C:\Users\Jessica\Desktop\tweaking.com_registry_backup_setup.exe
2015-02-02 16:57 - 2015-02-02 16:57 - 00001258 _____ () C:\Users\Jessica\Desktop\Spybot - Search & Destroy.lnk
2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-02-02 16:56 - 2015-02-02 17:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 16:56 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-21 15:20 - 2015-02-06 08:53 - 00000000 ____D () C:\Users\Jessica\Desktop\INFO1003
2015-01-18 10:47 - 2015-02-08 13:21 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJessica.job
2015-01-18 10:47 - 2015-02-08 13:20 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJessica
2015-01-15 21:09 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:42 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:42 - 2014-12-12 01:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:42 - 2014-12-12 01:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:42 - 2014-12-12 01:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:42 - 2014-12-12 01:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:42 - 2014-12-12 01:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:42 - 2014-12-12 01:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:42 - 2014-12-12 01:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:42 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:42 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:42 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:42 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 21:31 - 2015-01-11 22:02 - 00000000 ____D () C:\Foldit
2015-01-11 21:31 - 2015-01-11 21:31 - 00001408 _____ () C:\Users\Public\Desktop\Foldit.lnk
2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 19:47 - 2012-09-17 15:18 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 19:47 - 2012-09-17 15:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 19:47 - 2012-09-17 15:17 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-08 19:47 - 2012-09-17 15:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 19:46 - 2014-09-02 15:15 - 00006458 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-08 19:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 19:44 - 2009-07-14 00:51 - 00101137 _____ () C:\Windows\setupact.log
2015-02-08 19:43 - 2013-11-29 11:04 - 00000000 ____D () C:\AdwCleaner
2015-02-08 19:43 - 2012-01-14 11:31 - 01099351 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 19:41 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 19:41 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 19:33 - 2012-09-30 20:39 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
2015-02-08 19:33 - 2010-11-20 23:47 - 00871448 _____ () C:\Windows\PFRO.log
2015-02-08 19:31 - 2012-08-31 21:02 - 00000000 ____D () C:\Users\Jessica
2015-02-08 19:05 - 2012-11-27 22:31 - 00000000 ___RD () C:\Users\Jessica\Desktop\autres docs
2015-02-08 19:03 - 2012-09-09 09:55 - 00000000 ____D () C:\Users\Jessica\Desktop\UdeM
2015-02-08 19:02 - 2012-10-03 15:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 19:02 - 2012-08-31 18:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
2015-02-08 16:26 - 2014-06-03 20:05 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\uTorrent
2015-02-08 14:38 - 2012-09-01 18:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-08 14:17 - 2012-09-30 20:39 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
2015-02-08 13:53 - 2013-01-21 12:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-08 13:53 - 2012-09-01 18:55 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-08 13:32 - 2012-08-31 18:21 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
2015-02-08 13:23 - 2012-08-31 21:07 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F39F52ED-33BB-48EE-8D13-48634EE5AB17}
2015-02-08 13:22 - 2013-09-29 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-06 20:52 - 2012-08-31 18:47 - 00000000 ____D () C:\Windows\Corel
2015-02-06 19:02 - 2012-10-03 15:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 19:02 - 2012-10-03 15:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 19:02 - 2011-10-31 19:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 18:01 - 2015-01-05 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-06 18:01 - 2014-05-20 18:47 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-02-06 08:53 - 2009-07-14 01:13 - 00784366 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 08:49 - 2012-08-31 18:22 - 00002376 _____ () C:\Users\Jessica\Desktop\Google Chrome.lnk
2015-02-06 08:45 - 2012-08-31 10:28 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Skype
2015-02-05 10:57 - 2012-08-31 18:21 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA
2015-02-05 10:57 - 2012-08-31 18:21 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core
2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ____D () C:\ProgramData\Skype
2015-01-28 16:03 - 2012-08-31 18:20 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Deployment
2015-01-28 15:53 - 2012-09-03 10:02 - 00075264 ___SH () C:\Users\Jessica\Documents\Thumbs.db
2015-01-28 09:05 - 2012-09-02 19:04 - 00000000 ____D () C:\Users\Jessica\AppData\Local\CrashDumps
2015-01-21 16:33 - 2012-09-01 18:07 - 00000000 ____D () C:\ProgramData\Origin
2015-01-19 09:59 - 2015-01-04 11:10 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\HpUpdate
2015-01-17 12:55 - 2013-09-18 07:25 - 00000000 ____D () C:\Users\Jessica\Downloads\Druide_Téléchargement
2015-01-15 21:15 - 2013-08-15 01:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 20:56 - 2012-09-01 09:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 10:40 - 2009-07-14 00:45 - 00497848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 21:27 - 2014-02-09 21:21 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Origin
2015-01-11 21:25 - 2012-08-31 21:32 - 00136880 _____ () C:\Users\Jessica\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2012-08-31 19:00 - 2012-08-31 19:00 - 0012358 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JCM.{PB
2012-08-31 19:00 - 2012-08-31 19:00 - 0061678 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JPR.{PB
2014-01-28 15:38 - 2014-01-28 15:38 - 0018408 _____ () C:\Users\Jessica\AppData\Roaming\UserTile.png
2014-08-30 09:59 - 2014-10-02 04:11 - 0000069 _____ () C:\Users\Jessica\AppData\Roaming\WB.CFG
2014-03-02 18:34 - 2014-03-02 18:34 - 0000218 _____ () C:\Users\Jessica\AppData\Local\recently-used.xbel
2015-01-04 11:09 - 2015-01-04 11:09 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Jessica\AppData\Local\Temp\Quarantine.exe
C:\Users\Jessica\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 00:21

==================== End Of Log ============================





Now the print screen :
12030

Thanks

OCD
2015-02-09, 03:05
Hi Jess37,

You're quite welcome.

The icons on your desktop that begin with "~" are Word documents, generally they appear like this when they are still open in Word. Open Word and be sure all the documents are closed.

If they are still present after you confirm they are closed, the following step may correct the issue. If not, let me know.

=========================

Desktop.ini files by default have the System and Hidden attributes set. If you have Show hidden files, folders, and drives turned on, make sure Hide protected operating system files is checked under Windows Explorer's

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Hide protected operating system files


To show hidden files, just click on the Organize button in any folder, and then select “Folder and Search Options” from the menu.
Click the View tab, and then locate “Show hidden files and folders” in the list.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/folderoptions_zps9e7f127d.gif

Place a check mark in the box next to "Hide protected operating system files"
Click Apply, then OK.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Reset Homepage in Browsers

Reset Homepage in Internet Explorer

Open Internet Explorer >Tools >Internet Option >General.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/InternetExplorerResetHomepage_zpsf28d6726.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/InternetExplorerResetHomepage_zpsf28d6726.jpg.html)

You have two options:

One is to set homepage as a blank page.
The other is to set a certain website as the homepage. ( www.google.com )
Then click OK to save the change.
=========================

Reset Firefox Homepage

Click on the Firefox drop down arrow in the upper left corner of your browser.
Select Options, the select Options again.
On the General tab, locate the Home Page field.
Enter the URL you would like to use as your home page (ie: http://www.google.com ), or select the Restore to Default button.
Click OK
=========================

Reset / Change Homepage in Chrome

Click the Chrome menu http://i1269.photobucket.com/albums/jj590/OCD-WTT/chromebrowsertoolbar.png on the browser toolbar.
Select Settings.

Add the home button to the browser toolbar
Home page button is off by default. Select the "Show Home button" checkbox in the "Appearance" section to show it on the browser toolbar.
Set your home page
When the "Show Home button" checkbox is selected, a web address appears below it.
Click Change to enter a link (i.e. http://www.google.com (http://www.google.com)). You can also choose the New Tab page as your home page.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.

Download the version suitable to your computer.
32 bit System:
Link 1 - 32 bit (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link 2 - 32 bit (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 bit System:
Link 1 - 64 bit (http://jpshortstuff.247fixes.com/SystemLook_x64.exe)
Link 2 - 64 bit (http://images.malwareremoval.com/jpshortstuff/SystemLook_x64.exe)

Right click SystemLook.exe and select "Run as Administrator" to run it.
Copy the content of the following code-box into the main text-field:


:filefind
*Somoto*

:folderfind
*Somoto*

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Junkware Removal Tool

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {0f98fe82-32d1-11e4-bc44-806e6f6e6963} - D:\installer.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {872b4627-a482-11e2-a3cb-78e3b5657a3c} - G:\autorun.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {f5c6f352-f338-11e1-a99d-806e6f6e6963} - F:\Autorun.exe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

In your next post please provide the following:

SystemLook.txt
AdwCleaner[S0].txt & AdwCleaner[S1].txt
JRT.txt
Fixlog.txt

Jess37
2015-02-09, 04:35
Okay ! they were not open in Word, they are like 1-2 year old homework haha! But after the protect hidden file thingy they all disapeared! (I went to do it in control panel - folder option)

When I opened Internet Explorer (didn't even remember I had that on my laptop haha!) It asked me to allow Avast! for something about protection so I allowed it. It ask for ''Spybot-SD IE Protection'' Add-on is ready for use and I enabled it.

While I'm doing the reset of the homepages, I wonder which is best, Chrome, Firefox or Explorer?

For the adwcleaner, in the notepad, it was [S2] that opened not [S0] so I'll copy-paste S2 too after S0 and S1 (just in case it's helpful, just wanna help you)

For the junkware removal tool, I couldn't find a way to close Avast. It always stayed in my bar in the bottom right corner of my screen

SystemLook log :

SystemLook 30.07.11 by jpshortstuff
Log created at 21:49 on 08/02/2015 by Jessica
Administrator - Elevation successful

========== filefind ==========

Searching for "*Somoto*"
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip --a---- 541 bytes [21:52 02/02/2015] [21:52 02/02/2015] 3504F013AE62573E00FE2AE3B491A4E6
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip --a---- 614 bytes [21:52 02/02/2015] [21:52 02/02/2015] 13EA0D2CB0D2D5D17A4CFF7BBA34C1E9
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip --a---- 541 bytes [21:52 02/02/2015] [21:52 02/02/2015] 030C398A9E1AB8A3BAAC7391D026F01E
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip --a---- 614 bytes [21:52 02/02/2015] [21:52 02/02/2015] 542F97CFE59C54843F258FB89C7C68DC
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip --a---- 543 bytes [22:42 06/02/2015] [22:42 06/02/2015] A1EC49DFE52FF62DEB359B3EC1786E02
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip --a---- 616 bytes [22:42 06/02/2015] [22:42 06/02/2015] D861DB29EFC70CA753A26FDF163C64EF
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip --a---- 541 bytes [23:00 06/02/2015] [23:00 06/02/2015] F81ADF2B366029DC5098B93988004483
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip --a---- 614 bytes [23:00 06/02/2015] [23:00 06/02/2015] 7D079BE4C715548329E294DF52840B13
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip --a---- 541 bytes [21:52 02/02/2015] [21:52 02/02/2015] 3504F013AE62573E00FE2AE3B491A4E6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip --a---- 614 bytes [21:52 02/02/2015] [21:52 02/02/2015] 13EA0D2CB0D2D5D17A4CFF7BBA34C1E9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip --a---- 541 bytes [21:52 02/02/2015] [21:52 02/02/2015] 030C398A9E1AB8A3BAAC7391D026F01E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip --a---- 614 bytes [21:52 02/02/2015] [21:52 02/02/2015] 542F97CFE59C54843F258FB89C7C68DC
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip --a---- 543 bytes [22:42 06/02/2015] [22:42 06/02/2015] A1EC49DFE52FF62DEB359B3EC1786E02
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip --a---- 616 bytes [22:42 06/02/2015] [22:42 06/02/2015] D861DB29EFC70CA753A26FDF163C64EF
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip --a---- 541 bytes [23:00 06/02/2015] [23:00 06/02/2015] F81ADF2B366029DC5098B93988004483
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip --a---- 614 bytes [23:00 06/02/2015] [23:00 06/02/2015] 7D079BE4C715548329E294DF52840B13

========== folderfind ==========

Searching for "*Somoto*"
No folders found.

-= EOF =-

awdcleaner S0 :

# AdwCleaner v3.311 - Report created 02/10/2014 at 21:15:09
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jessica - JESSICA-HP
# Running from : C:\Users\Jessica\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Util Caramava
Service Deleted : {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\CheaupMMe
Folder Deleted : C:\ProgramData\JoniCouapon
Folder Deleted : C:\ProgramData\NetOCOuupono
Folder Deleted : C:\ProgramData\savuEE Net
Folder Deleted : C:\Program Files (x86)\Astromenda
Folder Deleted : C:\Program Files (x86)\Caramava
Folder Deleted : C:\Program Files (x86)\savuEE Net
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Jessica\AppData\Local\Astromenda
Folder Deleted : C:\Users\Jessica\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Jessica\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Jessica\AppData\Local\torch
Folder Deleted : C:\Users\Jessica\AppData\Local\Temp\App Bud
Folder Deleted : C:\Users\Jessica\AppData\Roaming\Astromenda
Folder Deleted : C:\Users\Jessica\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Jessica\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Jessica\Documents\Optimizer Pro
Folder Deleted : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgjlglddicjopgimohdcbmabacamll
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
[!] Folder Deleted : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgjlglddicjopgimohdcbmabacamll
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
File Deleted : C:\Users\Jessica\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\Jessica\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\astromenda.xml
File Deleted : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\user.js
File Deleted : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : AmiUpdXp
Task Deleted : ASP
Task Deleted : Astromenda
Task Deleted : WSE_Astromenda

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Astromenda
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v29.0.1 (en-GB)

[ File : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg
Deleted [Extension] : klibnahbojhkanfgaglnlalfkgpcppfi
Deleted [Extension] : pfcgjlglddicjopgimohdcbmabacamll

*************************

AdwCleaner[R0].txt - [10612 octets] - [02/10/2014 21:12:32]
AdwCleaner[S0].txt - [9846 octets] - [02/10/2014 21:15:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9906 octets] ##########

awdcleaner S1 :

# AdwCleaner v4.110 - Logfile created 08/02/2015 at 19:42:59
# Updated 05/02/2015 by Xplode
# Database : 2015-02-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jessica - JESSICA-HP
# Running from : C:\Users\Jessica\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AAllSauveer
Folder Deleted : C:\ProgramData\8b9a5f2a1506d3e1
Folder Deleted : C:\Users\Jessica\AppData\Local\DriverTuner

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99E29823-2F67-41C3-8AA5-6425097A771F}
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v32.0.3 (x86 en-GB)


-\\ Google Chrome v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [10612 bytes] - [02/10/2014 20:12:32]
AdwCleaner[R1].txt - [1553 bytes] - [08/02/2015 19:38:39]
AdwCleaner[S0].txt - [10018 bytes] - [02/10/2014 20:15:09]
AdwCleaner[S1].txt - [1401 bytes] - [08/02/2015 19:42:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1460 bytes] ##########

awdcleaner S2 :

# AdwCleaner v4.110 - Logfile created 08/02/2015 at 22:06:14
# Updated 05/02/2015 by Xplode
# Database : 2015-02-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jessica - JESSICA-HP
# Running from : C:\Users\Jessica\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v32.0.3 (x86 en-GB)


-\\ Google Chrome v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [10612 bytes] - [02/10/2014 20:12:32]
AdwCleaner[R1].txt - [1553 bytes] - [08/02/2015 19:38:39]
AdwCleaner[R2].txt - [1070 bytes] - [08/02/2015 21:56:01]
AdwCleaner[R3].txt - [1130 bytes] - [08/02/2015 22:00:58]
AdwCleaner[S0].txt - [10018 bytes] - [02/10/2014 20:15:09]
AdwCleaner[S1].txt - [1540 bytes] - [08/02/2015 19:42:59]
AdwCleaner[S2].txt - [1058 bytes] - [08/02/2015 22:06:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1117 bytes] ##########

Jrt.txt :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Jessica on 08/02/2015 at 22:14:01.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{11E6EC49-7041-4602-BC6E-5BDD638B2D9C}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{845E03C3-EBED-4615-9BA7-D2EFE7941615}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{967BED3D-1072-4608-90E4-D6D290AE3547}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/02/2015 at 22:21:17.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixlog.txt :

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Jessica at 2015-02-08 22:24:01 Run:2
Running from C:\Users\Jessica\Desktop
Loaded Profiles: Jessica (Available profiles: Jessica)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {0f98fe82-32d1-11e4-bc44-806e6f6e6963} - D:\installer.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {872b4627-a482-11e2-a3cb-78e3b5657a3c} - G:\autorun.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {f5c6f352-f338-11e1-a99d-806e6f6e6963} - F:\Autorun.exe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-2557544163-3699447316-167012314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKU\S-1-5-21-2557544163-3699447316-167012314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f98fe82-32d1-11e4-bc44-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{0f98fe82-32d1-11e4-bc44-806e6f6e6963} => Key not found.
"HKU\S-1-5-21-2557544163-3699447316-167012314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{872b4627-a482-11e2-a3cb-78e3b5657a3c}" => Key deleted successfully.
HKCR\CLSID\{872b4627-a482-11e2-a3cb-78e3b5657a3c} => Key not found.
"HKU\S-1-5-21-2557544163-3699447316-167012314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5c6f352-f338-11e1-a99d-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{f5c6f352-f338-11e1-a99d-806e6f6e6963} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
EmptyTemp: => Removed 56 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:24:09 ====

OCD
2015-02-09, 10:39
Hi Jess37,


While I'm doing the reset of the homepages, I wonder which is best, Chrome, Firefox or Explorer?

There is no best browser. Browsers are just a personal preference. Whichever one you are most comfortable with.

=========================

The Somoto items are in Spybot's quarantine folder, but let's remove them anyway.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Select Scan tab.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)
Select type of scan to perform:
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMScanTab_zps2c5e74bd.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMScanTab_zps2c5e74bd.gif.html)

Threat Scan < --- Select this type of scan
Custom Scan
Hyper Scan

Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ESET Online Scanner

*Note:

It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is Un-checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

In your next post please provide the following:


Fixlog.txt
MBAM log
ESET's log.txt
How's the computer running, any symptoms?

Jess37
2015-02-10, 02:45
Ok well I'm doing the ESET online scanner and it's reaaaally slow.... It has been 3h06 and it's at only 47%..... It's the WildTangent files that takes the more time.... So I'm gonna run it overnight and finish all that you asked for tomorrow :)

OCD
2015-02-10, 03:01
Hi Jess37,

Yes, sometimes ESET can take quite a few hours to complete. Post the logs when they are available. :bigthumb:

Jess37
2015-02-10, 04:20
Okay so if I have any symptoms? Well the only thing is that it takes way more time betwewn writting my password to enter in my windows account and seeing my desktop... And yeah my laptop is slow, don't know if it's because it's not a good one or if it's cause by something else like a virus

Will you be able to tell me when to delete the different log files on my desktop and aswmbr, securitycheck, registery backup, jrt, systemlook, adwcleaner, malwarebytes, etc. and tell me which is good to keep with spybot??

There was 4 detected non-malware items with malwarebyte : 2 PUP.Optional.Rocketfuel, 1 PUP.Optional.Softonic.A, 1 PUP.Optional.WhiteSmoke.A (this one was blue) Now they are all cleaned

ESET took long enough XD 4h30 damn! but here it is, before I go to sleep! :)

So here's the log in order

Fixlog :

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Jessica at 2015-02-09 08:39:30 Run:3
Running from C:\Users\Jessica\Desktop
Loaded Profiles: Jessica (Available profiles: Jessica)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip
EmptyTemp:
End
*****************

Processes closed successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip => Moved successfully.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip" => File/Directory not found.
EmptyTemp: => Removed 7.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 08:39:39 ====

Malware bytes log (i think it's this one) :

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/02/09 08:54:15 -0400</date>
<logfile>mbam-log-2015-02-09 (08-54-13).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.02.09.05</malware-database>
<rootkit-database>v2015.02.03.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Jessica</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>387138</objects>
<time>2222</time>
<processes>0</processes>
<modules>0</modules>
<keys>2</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>8adfa07c7218fb3bf0eb0e82d72cf30d</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\WhiteSmoke_New</path><vendor>PUP.Optional.WhiteSmoke.A</vendor><action>success</action><hash>cb9e37e5fc8e01356db06435aa59c43c</hash></key>
<file><path>C:\Users\Jessica\Downloads\PDFCreatorInstaller (1).exe</path><vendor>PUP.Optional.Rocketfuel</vendor><action>success</action><hash>432649d38ffb1d19dac1a545e71a9b65</hash></file>
<file><path>C:\Users\Jessica\Downloads\PDFCreatorInstaller.exe</path><vendor>PUP.Optional.Rocketfuel</vendor><action>success</action><hash>412857c5216962d4217a67837b868d73</hash></file>
</items>
</mbam-log>

ESET (there's alot of threats D: ) :

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
C:\Users\Jessica\Downloads\iMeshSetup-r1157-n-bc.exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hk64tbWhi0.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hk64tbWhit.dll Win64/Toolbar.Conduit.A potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hktbWhi0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hktbWhit.dll Win32/Toolbar.Conduit.W potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\ldrtbWhi0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\ldrtbWhit.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhi0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhi1.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhit.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hk64tbWhi0.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hk64tbWhit.dll Win64/Toolbar.Conduit.A potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hktbWhi0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hktbWhit.dll Win32/Toolbar.Conduit.W potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\ldrtbWhi0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\ldrtbWhit.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhi0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhi1.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhit.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\NativeMessaging\CT3287802\1_0_0_4\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Roaming\Astromenda\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Roaming\VOPackage\runasu.exe.vir a variant of Win32/VOPackage.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Roaming\VOPackage\VOPackage.exe.vir Win32/VOPackage.AD potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys.vir a variant of Win64/BrowseFox.BN potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Jessica\Downloads\trzB778.tmp.xBAD a variant of Win32/AdWare.MultiPlug.CT application cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined

OCD
2015-02-10, 05:23
Hi Jess37,


Will you be able to tell me when to delete the different log files on my desktop and aswmbr, securitycheck, registery backup, jrt, systemlook, adwcleaner, malwarebytes, etc. and tell me which is good to keep with spybot??
Yes, I will cover all those questions as soon as we finish cleaning the malware from your computer. (soon :))

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Delete cache and other browser data in Chrome

Click the Chrome menu http://i1269.photobucket.com/albums/jj590/OCD-WTT/chromebrowsertoolbar.png on the browser toolbar.
Select Tools.
Select Clear browsing data.
In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.

Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site and plug-in data
Clear saved passwords
Clear saved Autofill form data
Clear data from hosted apps
Deauthorize content licenses

Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
Click Clear browsing data.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\WhiteSmoke_New
C:\Users\Jessica\Downloads\PDFCreatorInstaller (1)
C:\Users\Jessica\Downloads\PDFCreatorInstaller.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New
C:\Users\Jessica\Downloads\iMeshSetup-r1157-n-bc.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) TFC

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program

Vista, Windows 7 & 8 Right click and select "Run as Administrator"

TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run Farbar Recovery Scan Tool it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

Fixlog.txt
new FRST

Jess37
2015-02-10, 19:09
Okay so I tried to do the tfc and that happened (picture) something about a problem with windows!!! I don't know if it's because my cat was lying almost on my laptop or if it's something else but I feel like I should tell you :S12035 amd now the same "pale files" are back on my desktop... :(

Jess37
2015-02-10, 19:14
Okay so I tried to do the tfc and that happened (picture) something about a problem with windows!!! I don't know if it's because my cat was lying almost on my laptop or if it's something else but I feel like I should tell you :S12035 amd now the same "pale files" are back on my desktop... :(

And I did the FRST thing before, here's the log :

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Jessica at 2015-02-10 12:59:18 Run:4
Running from C:\Users\Jessica\Desktop
Loaded Profiles: Jessica (Available profiles: Jessica)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\WhiteSmoke_New
C:\Users\Jessica\Downloads\PDFCreatorInstaller (1)
C:\Users\Jessica\Downloads\PDFCreatorInstaller.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New
C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New
C:\Users\Jessica\Downloads\iMeshSetup-r1157-n-bc.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
End
*****************

HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic => Error: No automatic fix found for this entry.
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\WhiteSmoke_New => Error: No automatic fix found for this entry.
"C:\Users\Jessica\Downloads\PDFCreatorInstaller (1)" => File/Directory not found.
"C:\Users\Jessica\Downloads\PDFCreatorInstaller.exe" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New" => File/Directory not found.
C:\Users\Jessica\Downloads\iMeshSetup-r1157-n-bc.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.

==== End of Fixlog 12:59:31 ====

OCD
2015-02-10, 19:46
Hi Jess37,

Do you continue to receive the Stop Error message?
Have you installed any new hardware or did you have a usb flash drive plugged in at the time?

As for the "pale images", go back to the previous step and re-hide the files and folders.

Other than these issues, how is the computer running?

Jess37
2015-02-10, 19:56
I didn't install hardware, just the things you asked me. There's only my cordless Logitech mouse plugged in and I freaked out so I didn't try again... Now I did it again and it's working! Fiouuuuuuu!!! :)

OCD
2015-02-10, 20:05
Great, do you have any outstanding issues?

Jess37
2015-02-10, 20:09
Great, do you have any outstanding issues? Don't think so :)

Here's the FRST log :

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Jessica (administrator) on JESSICA-HP on 10-02-2015 14:04:16
Running from C:\Users\Jessica\Desktop
Loaded Profiles: Jessica (Available profiles: Jessica)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
( ) C:\Windows\System32\lxducoms.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AgentAntidote32] => C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe [1214496 2014-04-17] (Druide informatique inc.)
HKLM\...\Run: [AgentAntidote64] => C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe [1371680 2014-04-17] (Druide informatique inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 1999-12-31] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7032320 2014-09-02] (Broadcom Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [Google Update] => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-31] (Google Inc.)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://ca.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jessica\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jessica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\yahoo-avast.xml
FF Extension: Module d'Antidote - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\Extensions\antidote7_win_firefox_103@druide.com [2014-06-13]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-01-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-29]

Chrome:
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "https://www.google.ca/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Simple Pass 2012) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\npwebsitelogon.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Windows Live\™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Jessica\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HP Product Detection Plugin) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (Adblock Plus) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-20]
CHR Extension: (Grass) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome.S637RQSX4AEF2GNVA2WS2VIQTE - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-10] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( ) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-08] (Electronic Arts)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 1999-12-31] (IDT, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-09-02] (Broadcom Corporation) [File not signed]
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-10] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
S1 aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 14:01 - 2015-02-10 14:01 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-02-10 13:05 - 2015-02-10 13:05 - 00262144 _____ () C:\Windows\Minidump\021015-20732-01.dmp
2015-02-10 13:00 - 2015-02-10 13:00 - 00448512 _____ (OldTimer Tools) C:\Users\Jessica\Desktop\TFC.exe
2015-02-09 22:12 - 2015-02-09 22:12 - 00022379 _____ () C:\Users\Jessica\Desktop\ESET.txt
2015-02-09 09:44 - 2015-02-09 09:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-09 08:52 - 2015-02-09 08:52 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-09 08:50 - 2015-02-09 08:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jessica\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-08 22:21 - 2015-02-08 22:21 - 00001010 _____ () C:\Users\Jessica\Desktop\JRT.txt
2015-02-08 22:11 - 2015-02-08 22:12 - 01388274 _____ (Thisisu) C:\Users\Jessica\Desktop\JRT.exe
2015-02-08 21:49 - 2015-02-08 21:54 - 00005960 _____ () C:\Users\Jessica\Desktop\SystemLook.txt
2015-02-08 21:47 - 2015-02-08 21:47 - 00165376 _____ () C:\Users\Jessica\Desktop\SystemLook_x64.exe
2015-02-08 21:34 - 2015-02-08 21:34 - 00000000 __SHD () C:\Users\Jessica\AppData\Local\EmieBrowserModeList
2015-02-08 19:38 - 2015-02-08 19:38 - 02112512 _____ () C:\Users\Jessica\Desktop\AdwCleaner.exe
2015-02-08 19:16 - 2015-02-08 19:16 - 00852594 _____ () C:\Users\Jessica\Desktop\SecurityCheck.exe
2015-02-08 19:02 - 2015-02-08 19:02 - 00000000 ____D () C:\Users\Jessica\Desktop\CPAC2
2015-02-08 14:15 - 2015-02-08 14:15 - 00002357 _____ () C:\Users\Jessica\Desktop\aswMBR.txt
2015-02-08 14:15 - 2015-02-08 14:15 - 00000512 _____ () C:\Users\Jessica\Desktop\MBR.dat
2015-02-08 13:34 - 2015-02-08 13:34 - 05198336 _____ (AVAST Software) C:\Users\Jessica\Desktop\aswMBR.exe
2015-02-08 13:33 - 2015-02-08 13:33 - 00048611 _____ () C:\Users\Jessica\Desktop\Addition.txt
2015-02-08 13:31 - 2015-02-10 14:04 - 00030059 _____ () C:\Users\Jessica\Desktop\FRST.txt
2015-02-08 13:29 - 2015-02-10 14:04 - 00000000 ____D () C:\FRST
2015-02-08 13:29 - 2015-02-08 13:29 - 02132992 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2015-02-08 13:26 - 2015-02-08 13:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JESSICA-HP-Windows-7-Home-Premium-(64-bit).dat
2015-02-08 13:24 - 2015-02-08 13:24 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\RegBackup
2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-08 13:23 - 2015-02-08 13:23 - 04803888 _____ () C:\Users\Jessica\Desktop\tweaking.com_registry_backup_setup.exe
2015-02-02 16:57 - 2015-02-02 16:57 - 00001258 _____ () C:\Users\Jessica\Desktop\Spybot - Search & Destroy.lnk
2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-02-02 16:56 - 2015-02-02 17:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 16:56 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-21 15:20 - 2015-02-06 08:53 - 00000000 ____D () C:\Users\Jessica\Desktop\INFO1003
2015-01-18 10:47 - 2015-02-08 13:21 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJessica.job
2015-01-18 10:47 - 2015-02-08 13:20 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJessica
2015-01-15 21:09 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:42 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:42 - 2014-12-12 01:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:42 - 2014-12-12 01:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:42 - 2014-12-12 01:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:42 - 2014-12-12 01:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:42 - 2014-12-12 01:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:42 - 2014-12-12 01:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:42 - 2014-12-12 01:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:42 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:42 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:42 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:42 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 21:31 - 2015-01-11 22:02 - 00000000 ____D () C:\Foldit
2015-01-11 21:31 - 2015-01-11 21:31 - 00001408 _____ () C:\Users\Public\Desktop\Foldit.lnk
2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 14:02 - 2014-09-02 15:15 - 00006458 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-10 14:02 - 2012-10-03 15:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 14:02 - 2012-08-31 18:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
2015-02-10 13:59 - 2012-09-17 15:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 13:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 13:59 - 2009-07-14 00:51 - 00101641 _____ () C:\Windows\setupact.log
2015-02-10 13:58 - 2012-01-14 11:31 - 01260562 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 13:52 - 2012-09-17 15:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 13:15 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 13:15 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 13:05 - 2014-12-08 19:59 - 708021736 _____ () C:\Windows\MEMORY.DMP
2015-02-10 13:05 - 2014-12-08 19:59 - 00000000 ____D () C:\Windows\Minidump
2015-02-10 12:51 - 2013-09-29 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-10 12:48 - 2010-11-20 23:47 - 00873936 _____ () C:\Windows\PFRO.log
2015-02-09 21:44 - 2012-09-30 20:39 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
2015-02-09 21:44 - 2012-09-30 20:39 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
2015-02-09 17:43 - 2012-08-31 18:21 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
2015-02-09 17:30 - 2012-08-31 21:07 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F39F52ED-33BB-48EE-8D13-48634EE5AB17}
2015-02-09 09:37 - 2014-10-02 20:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 09:33 - 2014-01-29 21:02 - 00000000 __SHD () C:\Windows\ftpcache
2015-02-09 08:52 - 2014-10-02 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 08:52 - 2014-10-02 20:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 22:06 - 2013-11-29 11:04 - 00000000 ____D () C:\AdwCleaner
2015-02-08 19:56 - 2013-09-29 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-08 19:47 - 2012-09-17 15:18 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 19:47 - 2012-09-17 15:17 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-08 19:31 - 2012-08-31 21:02 - 00000000 ____D () C:\Users\Jessica
2015-02-08 19:05 - 2012-11-27 22:31 - 00000000 ___RD () C:\Users\Jessica\Desktop\autres docs
2015-02-08 19:03 - 2012-09-09 09:55 - 00000000 ____D () C:\Users\Jessica\Desktop\UdeM
2015-02-08 16:26 - 2014-06-03 20:05 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\uTorrent
2015-02-08 14:38 - 2012-09-01 18:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-08 13:53 - 2013-01-21 12:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-08 13:53 - 2012-09-01 18:55 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-06 20:52 - 2012-08-31 18:47 - 00000000 ____D () C:\Windows\Corel
2015-02-06 19:02 - 2012-10-03 15:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 19:02 - 2012-10-03 15:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 19:02 - 2011-10-31 19:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 18:01 - 2015-01-05 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-06 18:01 - 2014-05-20 18:47 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-02-06 08:53 - 2009-07-14 01:13 - 00784366 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 08:49 - 2012-08-31 18:22 - 00002376 _____ () C:\Users\Jessica\Desktop\Google Chrome.lnk
2015-02-06 08:45 - 2012-08-31 10:28 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Skype
2015-02-05 10:57 - 2012-08-31 18:21 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA
2015-02-05 10:57 - 2012-08-31 18:21 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core
2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ____D () C:\ProgramData\Skype
2015-01-28 16:03 - 2012-08-31 18:20 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Deployment
2015-01-28 15:53 - 2012-09-03 10:02 - 00075264 ___SH () C:\Users\Jessica\Documents\Thumbs.db
2015-01-28 09:05 - 2012-09-02 19:04 - 00000000 ____D () C:\Users\Jessica\AppData\Local\CrashDumps
2015-01-21 16:33 - 2012-09-01 18:07 - 00000000 ____D () C:\ProgramData\Origin
2015-01-19 09:59 - 2015-01-04 11:10 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\HpUpdate
2015-01-17 12:55 - 2013-09-18 07:25 - 00000000 ____D () C:\Users\Jessica\Downloads\Druide_Téléchargement
2015-01-15 21:15 - 2013-08-15 01:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 20:56 - 2012-09-01 09:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 10:40 - 2009-07-14 00:45 - 00497848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 21:27 - 2014-02-09 21:21 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Origin
2015-01-11 21:25 - 2012-08-31 21:32 - 00136880 _____ () C:\Users\Jessica\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2012-08-31 19:00 - 2012-08-31 19:00 - 0012358 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JCM.{PB
2012-08-31 19:00 - 2012-08-31 19:00 - 0061678 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JPR.{PB
2014-01-28 15:38 - 2014-01-28 15:38 - 0018408 _____ () C:\Users\Jessica\AppData\Roaming\UserTile.png
2014-08-30 09:59 - 2014-10-02 04:11 - 0000069 _____ () C:\Users\Jessica\AppData\Roaming\WB.CFG
2014-03-02 18:34 - 2014-03-02 18:34 - 0000218 _____ () C:\Users\Jessica\AppData\Local\recently-used.xbel
2015-01-04 11:09 - 2015-01-04 11:09 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 00:21

==================== End Of Log ============================

OCD
2015-02-10, 20:12
Hi Jess37,

Your log appears to be clean. :bigthumb:
We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Adobe Reader 10.1.8

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Adobe Flash Player:

Go to http://get.adobe.com/flashplayer/?no_ab=1

Remove the check mark from the box "Install Google Drive"
Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Update Firefox


In the upper left corner of your browser window click the Help menu.
Wait for the Help menu to expand, then click on About Firefox
A small window will open similar to the one below.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/Firefox-3_zpsc32408ba.png (http://s1269.photobucket.com/user/OCD-WTT/media/Firefox-3_zpsc32408ba.png.html)

Click on the Update button as shown in the image above.
Allow Mozilla Firefox to update, reboot if instructed to do so.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Update Chrome

https://support.google.com/chrome/answer/95414?hl=en

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Remove Disinfection Tools


Download Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Tick the following boxes:

Remove disinfection tools
Create registry backup
Purge system restore


http://i1269.photobucket.com/albums/jj590/OCD-WTT/Delfix_zpsbce6c60b.gif (http://s1269.photobucket.com/user/OCD-WTT/media/Delfix_zpsbce6c60b.gif.html)


Click Run
Any other tools and files found can simply be deleted or uninstall via the Control Panel.

= = = = = = = = = = = = = = = = = = = =


With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate windows and frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:


NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/).

Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

to help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this program to lock down and prevent crypto-ransomeware

http://i1269.photobucket.com/albums/jj590/OCD-WTT/CryptoPrevent_zps7ddc3ebd.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/CryptoPrevent_zps7ddc3ebd.jpg.html)

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960) - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)


= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

Windows XP:
Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
If you are running Windows XP, please take the time to read the information provided at these links.

Windows XP - The Elephant In The Room (http://www.malwareremoval.com/forum/viewtopic.php?p=630064#p630064)
Windows XP - The end of the road (http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.UxUoP4W9Is3)

Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
Window 8 Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Jess37
2015-02-10, 22:31
I didn't see an option for the Google drive dowload, but one for mcaffee or something like that... I unchecked the box

After delfix, there was tweaking and malware bytes left, I uninstalled them from the control panel as it was said.

then Google said it was already up to date, Firefox it needed an update and Explorer too

I love Adblock, I have it in Google Chrome already.

Should I download all 4 of the free antivirus ??????? Avira says Spybot is incompatible so I'm gonna stay with Avast.... And what should I do with HitmanPro?uninstall it? (honestly, I have no clue why it's on my laptop, probably my dad...)

I chose Online Armor Free for the firewall, but same question as antivirus, should i get 1 or the 3??? I chose the freeware option intead of the 30 days trial. And the tutorial is really nice thanks

I installed CryptoPrevent and WOT (only in chrome and explorer because it didn't want to install in firefox, connection problem it says)

What is the use of MVPS HOSTS? I have adblock plus that blocks these things, right?

thank you :)

OCD
2015-02-10, 23:52
Hi Jess37,


I didn't see an option for the Google drive dowload, but one for mcaffee or something like that... I unchecked the box
When installing software you always want to be on the look-out for 3rd party add-ons. If the option is available during an install to choose "custom install", choose that option. This way if there is 3rd party "stuff" included you should be able to opt-out of having that installed alongside the program you intended to install.



After delfix, there was tweaking and malware bytes left, I uninstalled them from the control panel as it was said.
That is fine. But just for general knowledge Malwarebytes' is a good program to have on your computer and run periodic scans to stay clean. I would re-install it.


then Google said it was already up to date, Firefox it needed an update and Explorer too
:bigthumb:


I love Adblock, I have it in Google Chrome already.
:bigthumb:


Should I download all 4 of the free antivirus ??????? Avira says Spybot is incompatible so I'm gonna stay with Avast.... And what should I do with HitmanPro?uninstall it? (honestly, I have no clue why it's on my laptop, probably my dad...)
You should only have one (1) Anti-Virus and one (1) Firewall installed and running at any one time. Having multiples of these type of programs will actually make you system more vulnerable to infection because they work against each other.

As for HitmanPro, unless it's a paid version I would uninstall it.


I chose Online Armor Free for the firewall, but same question as antivirus, should i get 1 or the 3??? I chose the freeware option intead of the 30 days trial. And the tutorial is really nice thanks
See my answer above. One (1) AV and one (1) Firewall. It's your choice which ones you select.


I installed CryptoPrevent and WOT (only in chrome and explorer because it didn't want to install in firefox, connection problem it says)
:bigthumb: I would retry Firefox, it should install I have it on my machine using FF.


What is the use of MVPS HOSTS? I have adblock plus that blocks these things, right?
No it does not. Here is a brief explanation as to what a Hosts file is and how it works.

Visit this link to see what a Hosts file looks like: http://www.bleepingcomputer.com/misc/hosts
(an actual Hosts file is much larger, this is just a sample)

Take this Hosts file entry:

O1 - Hosts: 127.0.0.1 100sexlinks.com

The loop-back address to your computer is 127.0.0.1, if you tried to visit the 100sexlinks.com website your Hosts file would loop the search back to your own machine to try and resolve the search.

But if the IP was for the real 100sexlinks.com website, and I don't know what that is but let's just say 66.102.0.0 (not real, but Google's IP) then your computer would resolve the search and direct you to that website.

01 - Hosts: 66.102.0.0 100sexlinks.com - this entry would direct you to the sexlinks website if the IP was legitimate (really Google)

01 - Hosts: 127.0.0.1 google.com - this entry would block Google

I hope that explains it a little better.

Jess37
2015-02-11, 00:27
Okay that's good to know! Gonna check that

I installed Malwarebytes again :) And uninstalled hitmanpro which is a free software

Firefox still doesn't want to install it...12037 and do you know how to hide that bar at the bottom??? It's kinda going on my nerves (but anyway I don't use firefox that much)

I don't really understand what it does but I understand that it protects my computer against bad websites. But I don't find where to download it (I clicked on the name and it sent me to a non friendly user interface XD too much text, can't find anything... can you help me for that? I'm not that good haha!)

OCD
2015-02-11, 02:28
Hi Jess37,


Firefox still doesn't want to install it...Untitled.jpg and do you know how to hide that bar at the bottom??? It's kinda going on my nerves (but anyway I don't use firefox that much)
If you don't use FF that much then you can just skip it, or try and install it at a later date.

The bar at the bottom is part of No Script (one of the suggested items). You can try and click the "options" button in the bottom right hand corner and see if there is a setting that you are comfortable with. Or just disable No Script.


I don't really understand what it does but I understand that it protects my computer against bad websites. But I don't find where to download it (I clicked on the name and it sent me to a non friendly user interface XD too much text, can't find anything... can you help me for that? I'm not that good haha!)
You have done great so far, this shouldn't prove too difficult. :rockon:

Here is a step by step overview of what you will be doing, and the windows you will encounter. >> http://winhelp2002.mvps.org/hostswin7.htm - keep this tab open during the process

Download the MVPS Hosts file http://winhelp2002.mvps.org/hosts.zip, and Save it to a convenient location.

Simply locate the "hosts.zip" file you downloaded, by default it should be located in your "User" Download folder.
Highlight the file (single-click) then right-click and select > Extract All from the menu ...

Next: Make sure there is a check in the "Show extracted files when complete" option

Next: right-click the installer "mvps.bat" and select: Run as Administrator (see images from link provided)

OK the UAC prompt and the batch file will run ... which will backup the existing HOSTS file (HOSTS.MVP) then copy the updated HOSTS file to the proper location. You should see a completed prompt (press any key) and that's it ...

Voila ... you just added a Hosts File. :yahoo:

Jess37
2015-02-11, 22:43
Okay so I just press any key and voila? haha that's simple XD

WOT with firefox still doesn't work.. oh well too bad!

So I think that's it that's all now, thank you very much :) I'm happy that my laptop is infection free :)

I might do a clean with Spybot on my parents pc next weekend cuz they always have problem with viruses :/ At least I know I can have help if I find weird things haha

Later! :)

OCD
2015-02-12, 05:06
You're very welcome. Glad I was able to help. :bigthumb:

And now you know where to find us. :popcorn:

Since this issue appears to be resolved ... this Topic has been closed.

If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.