Howdy Susanne and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only; the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  



===================================



AdwCleaner
       
Please download AdwCleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the "Clean" button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

    Please download Junkware Removal Tool and save to your desktop.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



NEXT



    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>>   http://www.malwarebytes.org/mbam-download.php

      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      *  Select Scan tab.

* Select type of scan to perform:

  * Threat Scan < --- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found be sure that everything is checked, and click Quarantine .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.



NEXT



Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes Log
4. DDS logs (2 logs)
Thanks
Chuck

 

Work on these as your time permits !!

Run one program and post the logs to this topic then continue on with the next !

There will be more to do after running these programs so stay with it till we get it clean !
 

# AdwCleaner v4.109 - Report created 29/01/2015 at 16:33:48

# Updated 24/01/2015 by Xplode

# Database : 2015-01-24.3 [Local]

# Operating System : Windows 8.1  (64 bits)

# Username : Suzanne - MYLAPTOP

# Running from : C:\Users\Suzanne\Downloads\adwcleaner_4.109 (3).exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Google Chrome v40.0.2214.93

 

 

*************************

 

AdwCleaner[R0].txt - [2481 octets] - [02/05/2014 14:55:07]

AdwCleaner[R1].txt - [2379 octets] - [29/01/2015 10:24:06]

AdwCleaner[R2].txt - [975 octets] - [29/01/2015 10:44:50]

AdwCleaner[R3].txt - [1095 octets] - [29/01/2015 15:21:52]

AdwCleaner[R4].txt - [837 octets] - [29/01/2015 16:33:48]

AdwCleaner[s0].txt - [2273 octets] - [02/05/2014 14:59:37]

AdwCleaner[s1].txt - [2356 octets] - [29/01/2015 10:33:53]

AdwCleaner[s2].txt - [1035 octets] - [29/01/2015 10:55:15]

AdwCleaner[s3].txt - [1157 octets] - [29/01/2015 15:39:10]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1136 octets] ##########


Susanne, there should have been more to it ! You need to run it again & this time after it runs the scan it will give you the option to "clean" when it's through running! I need you to click the "Clean" button this time !!

Then go ahead with the Junkware Removal Tool program and the others !!

 

Thanks

Chuck


Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 1/29/2015

Scan Time: 11:18:01 AM

Logfile: scanning log malware.txt

Administrator: Yes

Version: 2.00.4.1028

Malware Database: v2015.01.29.08

Rootkit Database: v2015.01.14.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Suzanne

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 374650

Time Elapsed: 41 min, 5 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 8

PUP.Optional.Montiera.I, C:\Users\Suzanne\Downloads\HD_Player__CD5MTCD3504_46edf2acbd71ff53c3c76ccb99a2ee5b (1).exe, Quarantined, [1319b9448900cf67cb343f3c12f36b95],

PUP.Optional.Montiera.I, C:\Users\Suzanne\Downloads\HD_Player__CD5MTCD3504_46edf2acbd71ff53c3c76ccb99a2ee5b.exe, Quarantined, [7cb013ea494089ad16e998e36d985ea2],

PUP.Optional.BundleInstaller.A, C:\Users\Suzanne\Downloads\Setup.exe, Quarantined, [f8341de0187187afabc049f19d63ee12],

PUP.Optional.Montiera.I, C:\Users\Suzanne\Downloads\Software_Update__CD5MTCD4349_f19d42d73c2c59d3cc86452ec2cf6a53.exe, Quarantined, [eb410feed8b1c4729d621d5e72939070],

PUP.Optional.ClientConnect, C:\Users\Suzanne\Downloads\Avast_Free_Antivirus_TSV38KAVN.exe, Quarantined, [30fc79840584c96d15a506bed32ebd43],

PUP.Optional.ClientConnect, C:\Users\Suzanne\Downloads\Avast_Free_Antivirus_TSV38KAVX.exe, Quarantined, [e04c36c7a9e03afcd8e2cef6bc458977],

PUP.Optional.ClientConnect, C:\Users\Suzanne\Downloads\Avast_Free_Antivirus_TSV38KAW2.exe, Quarantined, [ce5e54a96d1c999ddfdbad17fd0421df],

PUP.Optional.ArcadeYum.A, C:\Users\Suzanne\Downloads\ArcadeYumGames.exe, Quarantined, [f834ed107d0cea4cd0c04a8e32cf2ed2],

Physical Sectors: 0

(No malicious items detected)

(end)


Did ad thing again, and this report is after clicking clean.

# AdwCleaner v4.109 - Report created 30/01/2015 at 03:01:02

# Updated 24/01/2015 by Xplode

# Database : 2015-01-26.1 [Live]

# Operating System : Windows 8.1 (64 bits)

# Username : Suzanne - MYLAPTOP

# Running from : C:\Users\Suzanne\Downloads\adwcleaner_4.109 (4).exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v40.0.2214.93

*************************

AdwCleaner[R0].txt - [2481 octets] - [02/05/2014 14:55:07]

AdwCleaner[R1].txt - [2379 octets] - [29/01/2015 10:24:06]

AdwCleaner[R2].txt - [975 octets] - [29/01/2015 10:44:50]

AdwCleaner[R3].txt - [1095 octets] - [29/01/2015 15:21:52]

AdwCleaner[R4].txt - [1216 octets] - [29/01/2015 16:33:48]

AdwCleaner[R5].txt - [1335 octets] - [30/01/2015 02:50:25]

AdwCleaner[s0].txt - [2273 octets] - [02/05/2014 14:59:37]

AdwCleaner[s1].txt - [2356 octets] - [29/01/2015 10:33:53]

AdwCleaner[s2].txt - [1035 octets] - [29/01/2015 10:55:15]

AdwCleaner[s3].txt - [1157 octets] - [29/01/2015 15:39:10]

AdwCleaner[s4].txt - [1278 octets] - [29/01/2015 16:59:30]

AdwCleaner[s5].txt - [1257 octets] - [30/01/2015 03:01:02]

########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [1317 octets] ##########


Susanne, did you not read the post of mine above ??

 

Suzanne, you have to do these programs in the correct order I ask for them !!

 

1. I need the AdwCleaner log that shows it was run & cleaned !!

2. Then I need the Junkware Removal log !

 

Chuck

 

 

 

You tried to run the DDS program before the Junkware removal program ! These need to be run in the exact order I ask for !!!!!!

 

I STILL NEED THE Junkware Removal program's log !!!

Forget the DDS Program !

 

You did get me the correct version of AdwCleaner & it does show it was cleaned ! >>> # Option : Clean

 

Chuck

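The check made in the post above, that the pasted AdwCleaner report reads `# Option : Clean` rather than `# Option : Scan`, can be automated when triaging reports. This is an added example, not part of the original thread or of AdwCleaner; the function names and both sample reports are constructed, modelled on the v4.109 report layout posted here (`[R<n>]` report files for scans, `[s<n>]` for cleans).

```python
"""Triage a pasted AdwCleaner v4-style report: Scan or Clean, and what it lists."""
import re

SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")          # ***** [ Services ] *****
EOF_RE = re.compile(r"EOF - .*AdwCleaner\[([A-Za-z])\d+\]\.txt")


def parse_report(text):
    """Return header fields, per-section entries and the report-file letter."""
    header, sections, current, kind = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()            # forum pastes add blank and NBSP-only lines
        if not line:
            continue
        eof = EOF_RE.search(line)
        if eof:                       # must be tested before the generic '#' branch
            kind, current = eof.group(1), None
            continue
        if line.startswith("#"):
            if " : " in line:         # "# Option : Clean"; timestamps have no spaces
                key, value = line.lstrip("# ").split(" : ", 1)
                header[key.strip()] = value.strip()
            continue
        section = SECTION_RE.match(line)
        if section:
            current = section.group(1)
            sections[current] = []
            continue
        if set(line) == {"*"}:        # row of asterisks closes the section list
            current = None
            continue
        # "-\\ Browser vX" lines are sub-headers, not findings
        if current is not None and not line.startswith("-\\\\"):
            sections[current].append(line)
    return {"header": header, "sections": sections, "kind": kind}


def assess(text):
    """Summarise a report for the helper: run mode, entry count, next action."""
    report = parse_report(text)
    mode = report["header"].get("Option", "").lower()
    entries = sum(len(v) for v in report["sections"].values())
    expected = {"scan": "R", "clean": "S"}.get(mode)
    kind = (report["kind"] or "").upper()
    # A truncated paste may lack the EOF line; only flag a real mismatch.
    consistent = expected is not None and kind in ("", expected)
    if expected is None:
        action = "no Option header: ask for the full report"
    elif not consistent:
        action = "Option header and report file name disagree: ask for a fresh paste"
    elif mode == "scan":
        action = "scan only, nothing removed: ask for the report from a Clean run"
    else:
        action = "clean run confirmed: continue with the next tool"
    return {"mode": mode, "entries": entries,
            "consistent": consistent, "action": action}


# Constructed sample reports (the ExampleToolbar entry is a placeholder).
SCAN_SAMPLE = r"""# AdwCleaner v4.109 - Report created 01/01/2015 at 10:00:00
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\ExampleToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

*************************

AdwCleaner[R0].txt - [500 octets] - [01/01/2015 10:00:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [560 octets] ##########
"""

CLEAN_SAMPLE = r"""# AdwCleaner v4.109 - Report created 01/01/2015 at 10:05:00
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ExampleToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
*************************
AdwCleaner[R0].txt - [500 octets] - [01/01/2015 10:00:00]
AdwCleaner[s0].txt - [550 octets] - [01/01/2015 10:05:00]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [610 octets] ##########
"""

if __name__ == "__main__":
    for name, sample in (("scan", SCAN_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, assess(sample))
```
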

Well, finally, here is the JRT...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 8.1 x64

Ran by Suzanne on Sat 01/31/2015 at 12:59:01.54

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERUPDATE-SETUP[1].EXE-A22B65D3.pf

Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERUPDATE.EXE-1647F161.pf

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"

Successfully deleted: [Folder] "C:\Users\Suzanne\AppData\Roaming\sparktrust"

Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust"

Successfully deleted: [Folder] "C:\Users\Suzanne\AppData\Roaming\microsoft\windows\start menu\programs\sparktrust"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 01/31/2015 at 13:41:19.27

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Susanne, forget the DDS program.

 

I need you to run this one next !!

 

Download Farbar Recovery Scan Tool, or FRST, from the following location: FRST Download Link >>> http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

When you click on the above link you will be brought to a download page. Please click on the Download Now 32-bit version or Download Now 64-bit version button depending on the bit type of your Windows version. If you are unsure what bit-type your installed Windows is, please consult this tutorial:

How to tell if you are running a 32-bit or 64-bit version of Windows  >>> http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/

Once you click on the appropriate download button, you will be brought to a downloading screen, where if you wait, the download will automatically start. If you see a prompt asking if you wish to Run or Save the file, please click on the Save button and save it to your desktop.

Figure 1: FRST Save File dialog box

Your browser will now download FRST and save it on your Desktop. When it is done downloading you will find an icon on your desktop that looks like Figure 2 below

Figure 2: FRST Icon

Now double-click on the FRST.exe or the FRST64.exe icon depending on which version you downloaded to start the program. Once you double-click the icon a User Account Control warning may also appear asking if you are sure you would like to run the program. This warning is shown in Figure 3 below.

Click on the Yes button to allow FRST to start. If no warning appeared, as shown above, then you should just continue reading.

FRST will now display a Disclaimer of Warranty window. Please read through this agreement, and if you agree to it, please click on the Yes button to continue. If you clicked on Yes, FRST will now open and you will be presented with the main window as shown below.

Figure 3. Farbar Recovery Scan Tool Main Screen

The scanning process can take a while, so please be patient while FRST scans your computer and creates a report that can be used by our helpers. When FRST is done generating the reports it will create them as FRST.txt and Addition.txt in the same location as you downloaded and ran FRST from. If you ran it from the Windows desktop, then the reports will be made there. The program will then display a prompt stating that it has finished as shown below.

The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

Post those logs next:

 

Chuck


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015

Ran by Suzanne at 2015-02-02 14:25:52

Running from C:\Users\Suzanne\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)

Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)

Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden

Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden

DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden

DriverUpdate (HKLM-x32\...\{C85A8187-7E95-429D-9C9C-57C10268B3CF}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

f.lux (HKU\S-1-5-21-1036139224-3964361190-1435687704-1002\...\Flux) (Version: - )

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden

HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)

HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)

HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)

HP Utility Center (HKLM\...\{1D7EB7E7-0B5D-4A23-A383-7EF133090026}) (Version: 2.3.2 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)

Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden

Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)

OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)

Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)

Rapport (x32 Version: 3.5.1404.61 - Trusteer) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.32.508.2014 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.34 - REALTEK Semiconductor Corp.)

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

SparkTrust PC Cleaner Plus (HKLM-x32\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.2.10.0 - SparkTrust) <==== ATTENTION

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.9 - Synaptics Incorporated)

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

07-01-2015 19:34:33 HPSF Applying updates

15-01-2015 11:47:04 Windows Update

15-01-2015 15:21:45 Installed Rapport

23-01-2015 23:17:38 Windows Update

29-01-2015 09:48:07 SparkTrust PC Cleaner Plus Backup

29-01-2015 18:49:37 avast! antivirus system restore point

30-01-2015 17:44:47 yesterday morning

30-01-2015 17:54:46 Restore Operation

30-01-2015 19:18:21 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {020885D6-3931-4C66-881A-F6EF658839C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {09F6591E-416F-4CC5-90ED-6D3BCAD1E3E9} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-03-21] (SparkTrust Systems) <==== ATTENTION

Task: {16E99C70-51DF-4F00-91B5-BC69CB39AF89} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)

Task: {272C14E2-73A2-47A1-9ACC-E09649D8465B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-15] (Microsoft Corporation)

Task: {32628641-D6EE-432C-B53F-CEF5C2B55B75} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_99C87281-D247-11E3-825F-A01D480C7667 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION

Task: {35CC26B3-BF3C-4CA4-9614-65AA317E7DFB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-11-12] (Synaptics Incorporated)

Task: {44ACB2A4-CB89-4085-91C3-242548E51E14} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION

Task: {4BD7CAED-1FBA-48F8-B472-877603765F37} - System32\Tasks\HPCeeScheduleForSuzanne => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {4F8D1052-DB03-4D6B-AFB0-7C070E46B4C7} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-03-21] (SparkTrust Systems) <==== ATTENTION

Task: {53413406-5A52-4527-A1EE-97AD34150683} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)

Task: {697634F9-69BE-4158-BB44-2839BBC02F82} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {6DBE81B7-8844-4E47-AD2C-3894E5BC4BAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2013-11-04] (Hewlett-Packard Company)

Task: {75799841-F162-48E6-A32B-F23DA3B9E885} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)

Task: {8F23ED58-EFFC-457B-AA31-BD47327E7A42} - System32\Tasks\{4530FC93-DA9F-43B0-96ED-47DDAF6722E2} => pcalua.exe -a E:\Setup.exe -d E:\

Task: {9AF1BD0A-AFC7-4FF9-A772-B6517B0F64AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.)

Task: {9C33E738-7DB2-4F45-B9DF-EC153568A310} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)

Task: {B9256B74-5222-4254-B249-001174FE6DDC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {D1F4F2E2-CAE5-4D79-A1C7-BBB832334F3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)

Task: {D87A6863-7DED-4704-B467-5A97B9DC4452} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-01] (AVAST Software)

Task: {DFC6AA7D-A5A5-4FE0-B4E1-955873DDEEF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {E2CA6729-CAED-4175-8C85-B22439E56258} - System32\Tasks\{23AD53BE-0066-430F-A41B-5830963F57B9} => pcalua.exe -a "C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\uninstall.exe"

Task: {FBCD7765-C911-4353-BE49-1DDE0B362430} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForSuzanne.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\WINDOWS\Tasks\SparkTrust PC Cleaner Plus_sch_99C87281-D247-11E3-825F-A01D480C7667.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION

Task: C:\WINDOWS\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-14 12:23 - 2013-10-14 12:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe

2013-10-14 12:24 - 2013-10-14 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll

2013-10-14 12:25 - 2013-10-14 12:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll

2013-10-14 12:22 - 2013-10-14 12:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll

2013-10-14 12:22 - 2013-10-14 12:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll

2013-10-14 12:22 - 2013-10-14 12:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll

2013-10-14 12:35 - 2013-10-14 12:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll

2013-10-14 12:35 - 2013-10-14 12:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll

2014-04-17 14:38 - 2014-04-17 14:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe

2014-04-17 14:37 - 2014-04-17 14:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2013-10-14 12:30 - 2013-10-14 12:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

2014-11-25 06:11 - 2014-11-25 06:11 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll

2015-01-31 07:15 - 2015-01-31 07:15 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15013100\algo.dll

2015-01-31 13:58 - 2015-01-31 13:58 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15013101\algo.dll

2015-02-02 14:23 - 2015-02-02 14:23 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020201\algo.dll

2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2014-01-26 04:56 - 2013-08-05 00:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2014-05-01 02:55 - 2014-05-01 02:55 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2015-01-26 17:58 - 2015-01-24 23:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll

2015-01-26 17:58 - 2015-01-24 23:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll

2015-01-26 17:58 - 2015-01-24 23:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Suzanne\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1036139224-3964361190-1435687704-500 - Administrator - Disabled) => C:\Users\Administrator

Guest (S-1-5-21-1036139224-3964361190-1435687704-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1036139224-3964361190-1435687704-1004 - Limited - Enabled)

Suzanne (S-1-5-21-1036139224-3964361190-1435687704-1002 - Administrator - Enabled) => C:\Users\Suzanne

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (02/02/2015 02:21:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MYLAPTOP)

Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/31/2015 11:01:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MYLAPTOP)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147417848 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/31/2015 02:09:35 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f68

Start Time: 01d03d9979dc6a16

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6f3d7058-a98d-11e4-82a3-a01d480c7667

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:

=============

Error: (02/02/2015 02:24:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%127

Error: (02/02/2015 02:24:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%127

Error: (02/02/2015 02:08:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%127

Error: (01/31/2015 11:50:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2015 02:12:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%127

Error: (01/31/2015 02:05:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%127

Error: (01/31/2015 01:59:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%127

Error: (01/31/2015 01:58:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%127

Error: (01/31/2015 01:58:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%127

Error: (01/31/2015 01:58:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:

%%2

Microsoft Office Sessions:

=========================

Error: (02/02/2015 02:21:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MYLAPTOP)

Description: Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong-2144927142

Error: (01/31/2015 11:01:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MYLAPTOP)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147417848

Error: (01/31/2015 02:09:35 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: LiveComm.exe17.5.9600.20689f6801d03d9979dc6a164294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe6f3d7058-a98d-11e4-82a3-a01d480c7667microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

CodeIntegrity Errors:

===================================

Date: 2015-01-30 02:50:04.931

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-30 02:50:03.696

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD E1-2100 APU with Radeon HD Graphics

Percentage of memory in use: 52%

Total physical RAM: 3537.01 MB

Available physical RAM: 1682.76 MB

Total Pagefile: 4177.01 MB

Available Pagefile: 2084.04 MB

Total Virtual: 131072 MB

Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.78 GB) (Free:395.69 GB) NTFS

Drive d: (RECOVERY) (Fixed) (Total:18.21 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 179F6E94)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015

Ran by Suzanne (administrator) on MYLAPTOP on 02-02-2015 14:21:02

Running from C:\Users\Suzanne\Downloads

Loaded Profiles: Suzanne (Available profiles: Suzanne & Administrator)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Flux Software LLC) C:\Users\Suzanne\AppData\Local\FluxSoftware\Flux\flux.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-11-05] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-11-05] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-11-12] (Synaptics Incorporated)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2015-01-30] (AVAST Software)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Development Company, L.P.)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)

HKU\S-1-5-21-1036139224-3964361190-1435687704-1002\...\Run: [f.lux] => C:\Users\Suzanne\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)

HKU\S-1-5-21-1036139224-3964361190-1435687704-1002\...\MountPoints2: {51c56f1f-5f1f-11e4-8285-a01d480c7667} - "F:\VZW_Software_upgrade_assistant.exe"

HKU\S-1-5-21-1036139224-3964361190-1435687704-1002\...\MountPoints2: {a7709de9-d667-11e3-8265-a01d480c7667} - "F:\MotorolaDeviceManagerSetup.exe" -a

HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1

HKU\S-1-5-21-1036139224-3964361190-1435687704-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKU\S-1-5-21-1036139224-3964361190-1435687704-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1036139224-3964361190-1435687704-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll No File

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll No File

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 67.215.21.202 72.21.70.3

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-01]

Chrome:

=======

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Facebook Video Plugin) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\akagdpdjofpfkeolfhccmfbahdeokpog [2014-08-17]

CHR Extension: (Google Drive) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (YouTube) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21]

CHR Extension: (Google Search) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21]

CHR Extension: (Google Wallet) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-21]

CHR Extension: (Gmail) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)

R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]

S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 1999-12-31] (Realtek Semiconductor)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-11-12] (Synaptics Incorporated)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-25] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2014-06-11] (Advanced Micro Devices, INC.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-01] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-01] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-01] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-01] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2015-01-30] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2015-01-30] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2015-01-30] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-01] ()

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-06-11] (Advanced Micro Devices)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [845464 2015-01-15] (IBM Corp.)

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)

R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [290520 2014-12-22] (IBM Corp.)

R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-22] (IBM Corp.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-11-05] (Realtek Semiconductor Corp.)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3529944 2014-12-04] (Realtek Semiconductor Corporation )

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-10-01] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated)

S3 ssmirrdr; C:\Windows\system32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)

S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-01-26] ()

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

U3 McAPExe; No ImagePath

U3 McMPFSvc; No ImagePath

U3 McNaiAnn; No ImagePath

U3 mcpltsvc; No ImagePath

U3 mfecore; No ImagePath

S1 MpKsl1217d9f4; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2FCBC09C-7A87-4749-A296-7D4A3C03C57C}\MpKsl1217d9f4.sys [X]

U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 14:21 - 2015-02-02 14:22 - 00019068 _____ () C:\Users\Suzanne\Downloads\FRST.txt

2015-02-02 14:20 - 2015-02-02 14:21 - 00000000 ____D () C:\FRST

2015-02-02 14:19 - 2015-02-02 14:19 - 02131456 _____ (Farbar) C:\Users\Suzanne\Downloads\FRST64.exe

2015-01-31 16:49 - 2015-01-31 16:49 - 00688992 _____ (Swearware) C:\Users\Suzanne\Downloads\dds.com

2015-01-31 16:48 - 2015-01-31 16:48 - 00688992 _____ (Swearware) C:\Users\Suzanne\Downloads\dds.scr

2015-01-31 14:11 - 2015-02-02 14:06 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-01-31 14:10 - 2015-01-31 14:10 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-31 14:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-01-31 14:10 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-01-31 14:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-01-31 14:08 - 2015-01-31 14:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Suzanne\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-31 13:41 - 2015-01-31 13:41 - 00001117 _____ () C:\Users\Suzanne\Desktop\JRT.txt

2015-01-31 12:58 - 2015-01-31 12:58 - 01707939 _____ (Thisisu) C:\Users\Suzanne\Downloads\JRT (2).exe

2015-01-30 20:11 - 2015-01-30 20:11 - 01707939 _____ (Thisisu) C:\Users\Suzanne\Downloads\JRT (1).exe

2015-01-30 20:03 - 2015-01-30 20:04 - 02194432 _____ () C:\Users\Suzanne\Downloads\adwcleaner_4.109 (3).exe

2015-01-30 19:38 - 2015-01-30 19:38 - 02194432 _____ () C:\Users\Suzanne\Downloads\adwcleaner_4.109 (2).exe

2015-01-30 19:36 - 2015-01-30 19:36 - 00966191 _____ () C:\Users\Suzanne\Downloads\adwcleaner_4.109 (1).exe

2015-01-30 19:31 - 2015-01-30 19:32 - 02194432 _____ () C:\Users\Suzanne\Downloads\adwcleaner_4.109.exe

2015-01-29 20:21 - 2015-01-29 20:21 - 00102936 _____ () C:\Users\Suzanne\Downloads\needtofixpageNumber-MalwareRemoval-BestTechieForums.html

2015-01-29 11:15 - 2015-01-31 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-29 11:15 - 2015-01-31 14:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-29 11:15 - 2015-01-29 11:15 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-21 20:27 - 2015-01-31 13:57 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForSuzanne.job

2015-01-21 20:27 - 2015-01-30 20:07 - 00003176 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForSuzanne

2015-01-13 18:26 - 2014-12-08 12:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2015-01-13 18:26 - 2014-12-08 12:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2015-01-13 18:26 - 2014-12-08 12:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2015-01-13 18:26 - 2014-12-08 12:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2015-01-13 18:26 - 2014-12-08 12:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2015-01-13 18:26 - 2014-12-08 12:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2015-01-13 18:26 - 2014-12-08 12:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2015-01-13 18:26 - 2014-12-08 12:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2015-01-13 18:26 - 2014-12-05 18:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2015-01-13 18:26 - 2014-10-28 21:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2015-01-13 18:26 - 2014-10-28 21:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2015-01-13 18:26 - 2014-10-28 20:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2015-01-13 18:26 - 2014-10-28 20:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2015-01-13 18:26 - 2014-10-28 20:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2015-01-13 18:26 - 2014-10-28 20:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2015-01-13 18:26 - 2014-10-28 20:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2015-01-13 18:26 - 2014-10-28 20:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2015-01-13 18:26 - 2014-10-28 20:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2015-01-13 18:26 - 2014-10-28 20:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2015-01-13 18:26 - 2014-10-28 20:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2015-01-13 18:26 - 2014-10-28 19:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll

2015-01-13 18:26 - 2014-10-28 18:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll

2015-01-13 18:26 - 2014-10-28 18:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-01-13 18:15 - 2014-12-18 23:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

2015-01-13 18:15 - 2014-12-11 19:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

2015-01-13 18:15 - 2014-12-11 17:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

2015-01-13 18:15 - 2014-12-08 18:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2015-01-13 18:15 - 2014-12-05 20:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2015-01-13 18:15 - 2014-12-05 18:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2015-01-13 18:15 - 2014-10-28 18:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll

2015-01-13 18:15 - 2014-10-28 18:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 14:15 - 2014-04-21 21:14 - 02045814 _____ () C:\WINDOWS\WindowsUpdate.log

2015-02-02 14:10 - 2014-04-21 21:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1036139224-3964361190-1435687704-1002

2015-02-02 14:06 - 2014-03-06 23:46 - 00000000 ___DO () C:\Users\Suzanne\SkyDrive

2015-02-02 14:05 - 2014-04-21 21:21 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-02 14:04 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-31 23:39 - 2014-05-07 20:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-01-31 23:02 - 2014-04-21 21:21 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-31 14:02 - 2013-08-25 23:09 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-01-31 13:57 - 2014-10-05 19:45 - 00007104 _____ () C:\WINDOWS\setupact.log

2015-01-31 13:57 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-01-31 13:56 - 2014-01-26 04:31 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin

2015-01-31 13:56 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-01-31 12:10 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-01-30 19:58 - 2014-09-04 12:38 - 00022880 _____ () C:\WINDOWS\PFRO.log

2015-01-30 19:57 - 2014-05-02 14:54 - 00000000 ____D () C:\AdwCleaner

2015-01-30 19:38 - 2014-05-01 02:59 - 00001989 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2015-01-30 19:36 - 2014-05-01 02:56 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys

2015-01-30 19:36 - 2014-05-01 02:56 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys

2015-01-30 19:36 - 2014-05-01 02:56 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys

2015-01-30 19:35 - 2014-05-01 02:58 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update

2015-01-30 19:24 - 2014-04-21 20:59 - 00000000 ____D () C:\Users\Suzanne

2015-01-30 19:16 - 2013-08-25 23:04 - 00000000 ____D () C:\Users\Administrator

2015-01-30 19:15 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender

2015-01-30 19:15 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep

2015-01-30 19:13 - 2014-11-12 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-01-30 19:13 - 2014-05-01 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2015-01-30 18:56 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\registration

2015-01-30 18:49 - 2014-04-28 00:50 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-30 03:03 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI(12)

2015-01-29 12:50 - 2014-04-28 00:51 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-28 21:15 - 2014-05-21 19:06 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2015-01-28 18:00 - 2014-05-02 15:18 - 00000486 _____ () C:\WINDOWS\Tasks\SparkTrust Registration3.job

2015-01-27 13:28 - 2013-08-22 08:20 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-01-26 22:05 - 2014-07-16 14:49 - 00016152 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys

2015-01-26 21:44 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI(29)

2015-01-26 17:59 - 2014-04-21 21:23 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-24 19:40 - 2014-05-07 20:56 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-01-21 20:00 - 2014-09-10 19:02 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log

2015-01-19 14:32 - 2014-12-14 16:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-01-19 14:32 - 2014-12-14 16:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-15 15:26 - 2014-04-22 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2015-01-15 12:15 - 2014-04-27 03:53 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-01-15 11:50 - 2014-04-27 03:53 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-01-13 23:12 - 2014-12-01 12:40 - 00000000 ____D () C:\Users\Suzanne\AppData\Local\Adobe

2015-01-13 23:12 - 2014-04-21 21:08 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\Adobe

2015-01-10 04:25 - 2014-05-02 15:17 - 00000667 _____ () C:\WINDOWS\Tasks\SparkTrust PC Cleaner Plus_sch_99C87281-D247-11E3-825F-A01D480C7667.job

==================== Files in the root of some directories =======

2014-08-17 03:25 - 2014-08-17 03:25 - 0000036 _____ () C:\Users\Suzanne\AppData\Local\housecall.guid.cache

Some content of TEMP:

====================

C:\Users\Suzanne\AppData\Local\Temp\Extract.exe

C:\Users\Suzanne\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Suzanne\AppData\Local\Temp\lihfqzkx.dll

C:\Users\Suzanne\AppData\Local\Temp\Quarantine.exe

C:\Users\Suzanne\AppData\Local\Temp\SP67263.exe

C:\Users\Suzanne\AppData\Local\Temp\SP67332.exe

C:\Users\Suzanne\AppData\Local\Temp\SP67338.exe

C:\Users\Suzanne\AppData\Local\Temp\SP67379.exe

C:\Users\Suzanne\AppData\Local\Temp\SP67385.exe

C:\Users\Suzanne\AppData\Local\Temp\SP68055.exe

C:\Users\Suzanne\AppData\Local\Temp\SP68197.exe

C:\Users\Suzanne\AppData\Local\Temp\SP68381.exe

C:\Users\Suzanne\AppData\Local\Temp\SP69229.exe

C:\Users\Suzanne\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-23 23:34

==================== End Of Log ============================

Partition: GPT Partition Type.

==================== End Of Log ============================


Hi Susanne, ok let's clean some more out !

 

Remove these 2 programs in bold using the Add/Remove Programs applet. If present !
SparkTrust PC Cleaner Plus and SpeedyBackup if present !!

 

Let me know if you removed/uninstall them ??

 

=========================================


FRST Fix Script

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
CloseProcesses:
Task: {09F6591E-416F-4CC5-90ED-6D3BCAD1E3E9} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-03-21] (SparkTrust Systems) <==== ATTENTION
Task: {32628641-D6EE-432C-B53F-CEF5C2B55B75} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_99C87281-D247-11E3-825F-A01D480C7667 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: {44ACB2A4-CB89-4085-91C3-242548E51E14} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {4F8D1052-DB03-4D6B-AFB0-7C070E46B4C7} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-03-21] (SparkTrust Systems) <==== ATTENTION
Task: {E2CA6729-CAED-4175-8C85-B22439E56258} - System32\Tasks\{23AD53BE-0066-430F-A41B-5830963F57B9} => pcalua.exe -a "C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\uninstall.exe"
Task: {8F23ED58-EFFC-457B-AA31-BD47327E7A42} - System32\Tasks\{4530FC93-DA9F-43B0-96ED-47DDAF6722E2} => pcalua.exe -a E:\Setup.exe -d E:\
Task: C:\WINDOWS\Tasks\SparkTrust PC Cleaner Plus_sch_99C87281-D247-11E3-825F-A01D480C7667.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1036139224-3964361190-1435687704-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File
2015-01-28 18:00 - 2014-05-02 15:18 - 00000486 _____ () C:\WINDOWS\Tasks\SparkTrust Registration3.job
2015-01-10 04:25 - 2014-05-02 15:17 - 00000667 _____ () C:\WINDOWS\Tasks\SparkTrust PC Cleaner Plus_sch_99C87281-
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
End

=============================

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.
 

 

 

 

NEXT

 

 

 

Please run a free online scan with the ESET Online Scanner  >>>    http://www.eset.com/online-scanner-popup/
  *  Temporarily Disable Your Anti-virus   
  *  Click on "Run ESET Online Scanner" button.
  *  Tick the box next to YES, I accept the Terms of Use
  *  Click Start  
  *  Accept any security warnings from your browser.  
  *  Check Scan archives   
  *  Click Start   
  *  ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.   
   * When the scan completes, click on List of found threats   
  *  Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  NOTE. If Eset doesn't find any threats it will NOT produce any log
 

 

 

Thanks

Chuck


The problem has been that this laptop is slow and I just thought it probably has a lot of junk on it that I never use and will never use. I was told once that when you buy a new PC it comes with lots of junk and usually I had computer experts take care of all that before I would start to use it.


Susanne, while i wait on you to give me the final logs i will make a comment about you removing things to speed up your computer !

Poor performance and other problems can be the result of disk fragmentation, disk errors, corrupt system files, unnecessary services running, not enough RAM, dirty hardware components, too many toolbars, BHOs, extensions and add-ons/plug-ins attached to your browser and failure to clear browser cache. Sometimes add-ons cause browsers to quit unexpectedly or not perform properly, especially if they were poorly designed or were created for an earlier browser version. Incompatible browser extensions and add-ons can also impact system performance and cause compatibility issues such as application hangs (freezing). As you use your system it becomes filled with more files/programs and has a natural tendency to slow down and behave oddly, so cleaning and regular maintenance is essential.

Your internet speed from TCT may not be fast enough for you, check with them to see what speed you are using ! The other thing is you might be able to add more RAM, this would have to be checked by a computer shop. We have cleaned it up as good as possible. There are no signs of anything that would slow it down and it would show up in the scans you have performed !

 

Chuck


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Suzanne on Sat 01/31/2015 at 12:59:01.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERUPDATE-SETUP[1].EXE-A22B65D3.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERUPDATE.EXE-1647F161.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\Suzanne\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust"
Successfully deleted: [Folder] "C:\Users\Suzanne\AppData\Roaming\microsoft\windows\start menu\programs\sparktrust"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/31/2015 at 13:41:19.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Susanne, i did not ask for a Junkware Removal Scan log !!! That is the same log you ran near the beginning of our fix !! You tend to not follow my instructions, i asked for the FRST Scan Script fix and the ESET Scan logs !!!

This topic is now closed to further replies.