Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by cass at 2014-12-16 20:09:40
Running from C:\Users\cass\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3204655562-3042467115-2064883207-1001\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
1Step DVD Copy 4.5.1 (HKLM-x32\...\{1CB4ADE4-4B75-481A-BF77-EE69279DF30E}_is1) (Version: 4.5.1 - cyan soft ltd)
AbleBits.com Merge Cells Wizard for Microsoft Excel (HKLM-x32\...\{3C32FF23-6277-4183-B098-55E9AA61D001}) (Version: 4.2.2 - Add-in Express Ltd)
ActiveState ActivePython 2.7.2.5 (32-bit) (HKLM-x32\...\{49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8}) (Version: 2.7.5 - ActiveState Software Inc.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AI RoboForm (All Users) (HKLM-x32\...\AI RoboForm) (Version: - )
Aimersoft DRM Media Converter(Build 1.5.5.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Amazon Kindle (HKU\S-1-5-21-3204655562-3042467115-2064883207-1001\...\Amazon Kindle) (Version: - Amazon)
AnyMedia Player 4.5.1 (HKLM-x32\...\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1) (Version: 4.5.1 - cyan soft ltd)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1637796.2009617304.2003186140.32 - Audible, Inc.)
B1 Free Archiver (HKLM-x32\...\B1Manager) (Version: - )
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BlackBerry App World Browser Plugin (HKLM-x32\...\{7023728C-3AF9-4D4A-8893-5354370CDCAD}) (Version: 4.3.2.7 - Research In Motion Limited)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{735C603C-B068-44E3-8711-826A5953057C}) (Version: 2.11.0 - Kovid Goyal)
Cambridge Ed (HKLM-x32\...\Cambridge Ed) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Disk Burner 4.5.1 (HKLM-x32\...\{3B10760F-86A3-4376-A668-AC304015D5ED}_is1) (Version: 4.5.1 - cyan soft ltd)
Dropbox (HKU\S-1-5-21-3204655562-3042467115-2064883207-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
ExtractNow (HKLM-x32\...\ExtractNow) (Version: 4.8.2.0 - Nathan Moinvaziri)
FairStars Audio Converter 1.97 (HKLM-x32\...\FairStars Audio Converter_is1) (Version: - FairStars Soft)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Foxit Phantom (HKLM-x32\...\Foxit Phantom) (Version: 2.2.3.1112 - Foxit Software Company)
GetRadio 4.5.1 (HKLM-x32\...\{F6C84ED7-9CAC-423b-9E00-C9BFAFBD0593}_is1) (Version: 4.5.1 - cyan soft ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hightail Desktop App (HKLM\...\{A1B827F9-8A85-4DEE-8E72-3CF347F71999}) (Version: 2.4.7.1621 - Hightail)
Hightail Express (HKLM-x32\...\{9453ED2E-3B9F-4683-BA6A-8FCB9F3E0065}) (Version: 2.14.1 - Hightail)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-3204655562-3042467115-2064883207-1001\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
join.me (HKU\S-1-5-21-3204655562-3042467115-2064883207-1001\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
MediaFire Desktop (HKLM-x32\...\MediaFire Desktop 0.10.18.9207) (Version: 1.4.7.10713 - MediaFire)
MediaFire Express (HKLM-x32\...\MediaFire Express 0.15.4.4888) (Version: 0.15.4.4888 - MediaFire)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Midnight Oil Solitaire 3.20 (HKLM-x32\...\Midnight Oil Solitaire_is1) (Version: - Randy Rasa)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Picture Collage Maker Pro 3.3.6 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 3.3.6 - PearlMountain Technology Co., Ltd)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION
RipTiger 4.5.1 (HKLM-x32\...\{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1) (Version: 4.5.1 - cyan soft ltd)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 2.0.0.1411061504 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1411061504 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Sigil (HKLM-x32\...\A24B23EB-0632-4D92-B087-011CAE348023) (Version: 0.3.2 - Strahinja Marković)
SoundTaxi 4.5.1 (HKLM-x32\...\{8675BF55-B842-4E02-B3C8-7AA92C72D2C2}_is1) (Version: 4.5.1 - cyan soft ltd)
SoundTaxi Endless Music Player 4.5.1 (HKLM-x32\...\{A1A2E29A-683B-BB20-BB0D-B97E7E121012}_is1) (Version: 4.5.1 - cyan soft ltd)
SoundTaxi Media Suite 4.5.1 (HKLM-x32\...\{EF4C657F-632F-4CED-A220-F4C1C724241C}_is1) (Version: 4.5.1 - cyan soft ltd)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.2013.194 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.2013.194 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2013.194 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WORDsearch Installer (x32 Version: 10 - WORDsearch Corp) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cass\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\CLSID\{BF9DDDDB-4A44-41F7-94C7-4DB032B73B9F}\InprocServer32 -> C:\Users\cass\AppData\Roaming\Add-in Express\Merge Cells Wizard for Microsoft Excel\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

11-12-2014 22:46:48 Restore Operation
12-12-2014 18:26:58 Windows Backup
13-12-2014 01:08:26 Restore Operation
13-12-2014 03:09:37 Windows Backup
13-12-2014 13:47:43 Windows Backup
13-12-2014 14:46:57 Installed Microsoft Fix it Solution - f4c2a476-3532-4511-a4be-0f5ccc5501af
13-12-2014 15:17:23 Installed Microsoft Fix it Solution - f4c2a476-3532-4511-a4be-0f5ccc5501af
14-12-2014 08:00:22 Windows Update
14-12-2014 12:04:42 Windows Update
14-12-2014 17:31:55 Windows Update
14-12-2014 17:34:00 Windows Modules Installer
14-12-2014 17:38:54 Windows Modules Installer
14-12-2014 17:41:26 Windows Modules Installer
14-12-2014 17:43:38 Windows Modules Installer
14-12-2014 17:51:12 Installed Microsoft Fix it Solution - f4c2a476-3532-4511-a4be-0f5ccc5501af
14-12-2014 17:53:47 Windows Update
14-12-2014 18:38:36 Windows Update
14-12-2014 19:27:05 Installed Microsoft Fix it Solution - f4c2a476-3532-4511-a4be-0f5ccc5501af
14-12-2014 19:31:59 Windows Update
15-12-2014 00:03:13 Windows Backup
15-12-2014 08:02:03 Windows Update
15-12-2014 12:39:13 Windows Update
16-12-2014 04:41:05 Windows Update
16-12-2014 15:48:51 Windows Update
16-12-2014 22:18:09 Windows Update
16-12-2014 22:26:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-16 19:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EEEE2B9-FED5-4AE5-A3C4-2D4F4CDD2731} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {13DD05D5-5A4A-46E7-82F5-480999456AD6} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {1C792F3C-DE70-43C2-AE7A-6C6F0A4BCC89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29] (Google Inc.)
Task: {284BBFB7-4C44-4C47-86EE-3D10EEA9B7CE} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2D0DB449-64DE-407E-87D5-1E60B2434A2B} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION
Task: {37407333-1B1E-4EE5-AF15-D4C7CF61E356} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {480CCC46-46E0-42FE-A72A-8D177CA571F3} - System32\Tasks\{5F9BE6CE-1491-4EB0-A3DC-044BE4AC1F2B} => pcalua.exe -a C:\Users\cass\Downloads\Programs\mobilego_setup_full818.exe -d C:\Users\cass\AppData\Roaming\IDM
Task: {5E042431-9097-49D9-B35B-C486762C2299} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {648573C4-CB93-4EBF-B54A-6C29FB106598} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6F67FA04-6B5D-41C3-83D1-ECBB4FFCC315} - System32\Tasks\{AEB5BD60-A961-4ACC-898A-8375300D1F79} => pcalua.exe -a C:\Users\cass\Downloads\Programs\HightailDesktop.exe -d C:\Users\cass\AppData\Roaming\IDM
Task: {75D8E35F-7E4F-4E79-8267-5CDB57F53854} - \HPCeeScheduleForcass No Task File <==== ATTENTION
Task: {894B6541-F72C-4927-879B-095C1A617094} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-09-17] (TuneUp Software)
Task: {8DDD33EE-802F-44BC-80DF-4186B9F63580} - System32\Tasks\{0685E9CE-25D4-4593-82CF-F5971C00CAFA} => pcalua.exe -a C:\Users\cass\Downloads\Programs\ActiveSetupN_2.exe -d C:\Users\cass\AppData\Roaming\IDM
Task: {94C1B146-1645-4447-8550-C5BAD5250BDF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {95436084-9EBB-4533-9708-7E52841551D5} - \Microsoft\Windows\Application Experience\ProgramDataUpdater No Task File <==== ATTENTION
Task: {A29106AA-BB5A-4824-8566-1E5CCC09B431} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {B2C80380-2AAB-4AB3-9E92-6157F6F0D95E} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {B77866F4-26CC-4573-BB8B-6E7CFC6C232C} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {BA78094A-BD70-4E76-8FCA-84D9B6CEC81B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {BC89ADA1-E317-4A50-936F-3542F63B1C26} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-06-02] (Siber Systems)
Task: {CDA901D5-7EBC-4394-86FA-A4C9AEE343F2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {D9B19A98-33EB-4850-9693-A52F68084EC9} - System32\Tasks\{26F095B5-45EC-4E7A-8B6C-5EAA6DC18521} => pcalua.exe -a "C:\Users\cass\AppData\Local\Temp\Rar$EX02.833\TuneUp Utilities 2013\setup.exe" -d "C:\Users\cass\AppData\Local\Temp\Rar$EX02.833\TuneUp Utilities 2013"
Task: {DA30EF37-BA09-483D-BD14-5B6208B1E184} - System32\Tasks\4607 => Wscript.exe C:\Users\cass\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {DB58651F-B931-49F9-8BD5-0CFB0D21245D} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DDBADA4F-E752-46F2-998C-F3C29295E750} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DEF00EC4-8457-4375-87C3-F7E74FE4AB13} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {E3CD0074-91BC-4A40-AFD2-F706EB6B265B} - System32\Tasks\{CC22347A-4594-4FF3-B0AE-31D1FBF335D2} => Iexplore.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {E74BD148-6EC7-4559-B4E1-48059560ED83} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMIMGMOMHMIMMMNJIMCNMMLMNMMJCNLMOMGMKJCNGMMMMMPMCNMJIMJJLMGMPMIMNJPMMJLMPMJNJICMJMCNGMCNGMLMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMGJKJOJLJLJFMOMNMMMJNHICMEKMICNJJCKJNBJCMMJOJMIMIJNKJCMJNNICMJNDJCMKJBJ"
Task: {F34DE712-99C4-47E7-80B5-3FBF505FDBA9} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {F3AAE04D-4706-4428-B2F0-95F3604A809B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29] (Google Inc.)
Task: {F58394DF-72DF-4FF0-AD6E-5620992EE46B} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser No Task File <==== ATTENTION
Task: {F9CC8F95-91D7-4F47-9A8E-B91213E28196} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09] (Adobe Systems Incorporated)
Task: {FD08CBC2-4137-4C4F-AA7B-5EC086D4BE04} - System32\Tasks\DivX online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-01-29 15:31 - 2009-12-12 15:12 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-02-24 09:39 - 2014-12-04 18:58 - 00456504 _____ () C:\Users\cass\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2014-12-02 06:50 - 2014-12-02 06:50 - 06745440 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2014-12-10 20:19 - 2014-11-06 15:04 - 00025088 _____ () C:\Program Files\SAMSUNG\Samsung Link\JniSys.dll
2014-12-10 20:19 - 2014-11-06 15:04 - 02633728 _____ () C:\Program Files\SAMSUNG\Samsung Link\scone_proxy.dll
2014-12-10 20:19 - 2014-11-06 15:04 - 02540544 _____ () C:\Program Files\SAMSUNG\Samsung Link\scone_stub.dll
2013-12-21 11:25 - 2013-12-21 11:25 - 00036864 _____ () C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 11:26 - 2013-12-21 11:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 00030720 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB64.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 00908800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ContentDirectoryPresenter64.dll
2014-12-16 19:36 - 2014-12-16 19:36 - 00669696 _____ () C:\Windows\Temp\sqlite-3.7.151-amd64-sqlitejdbc.dll
2014-12-10 20:19 - 2014-11-06 15:04 - 00049664 _____ () C:\Program Files\SAMSUNG\Samsung Link\JniIO.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2009-10-22 20:50 - 2009-10-22 20:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-12-08 23:42 - 2014-12-08 23:42 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:F8AF2BB9
AlternateDataStreams: C:\Users\cass\Desktop\One Tiny Lie.lnk:mf_x
AlternateDataStreams: C:\Users\cass\Documents\RoboForm files (216) are attached.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MobileGo Service.lnk => C:\Windows\pss\MobileGo Service.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^cass^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: combofix => C:\ComboFix\CF12078.3XE /c C:\ComboFix\Combobatch.bat
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: Foxit Software Update => regsvr32.exe "C:\Users\cass\AppData\Local\Foxit Software\MSRD3X40.dll"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Hightail Sync Agent => "C:\Program Files (x86)\Hightail Desktop App\Hightail.exe"
MSCONFIG\startupreg: Hightail.exe => C:\Program Files (x86)\Hightail\Express\Hightail.exe -ui none
MSCONFIG\startupreg: HP Input Device Main Program => C:\Program Files\Hewlett-Packard\HP Wireless Deluxe Desktop Combo\TSR\xDaemon.exe
MSCONFIG\startupreg: HP Officejet 4620 series (NET) => "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN246120YH05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\idman.exe /onboot
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MediaFire Tray => C:\Users\cass\AppData\Local\MediaFire Desktop\mf_watch.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: PC-Doctor for Windows localizer => C:\Program Files\PC-Doctor for Windows\localizer.exe
MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\cass\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\cass\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: Wondershare Helper Compact => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: ZipScript => C:\Users\cass\Desktop\WORDsearch 10\ZipScript.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3204655562-3042467115-2064883207-500 - Administrator - Disabled)
cass (S-1-5-21-3204655562-3042467115-2064883207-1001 - Administrator - Enabled) => C:\Users\cass
Guest (S-1-5-21-3204655562-3042467115-2064883207-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3204655562-3042467115-2064883207-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2014 07:07:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax.

Error: (12/16/2014 04:14:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: df0
Start Time: 01d01974dd7d3740
Termination Time: 0
Application Path: C:\Users\cass\Desktop\OTL.exe
Report Id: 80f33911-8568-11e4-8ce3-001fc6fd73ab

System errors:
=============
Error: (12/16/2014 08:04:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (12/16/2014 08:02:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/16/2014 08:00:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error: %%126

Error: (12/16/2014 08:00:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error: %%126

Error: (12/16/2014 08:00:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (12/16/2014 07:59:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error: %%126

Error: (12/16/2014 07:58:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error: %%126

Error: (12/16/2014 07:57:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error: %%126

Error: (12/16/2014 07:34:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error: %%126

Error: (12/16/2014 07:32:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-12-16 19:31:23.452
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 19:31:23.374
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 19:31:23.311
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 19:31:23.249
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-15 09:13:39.477
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-15 09:13:39.399
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-15 09:13:39.337
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-15 09:13:39.274
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-14 21:37:45.743
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-14 21:37:45.665
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 240 Processor
Percentage of memory in use: 64%
Total physical RAM: 3839.3 MB
Available physical RAM: 1352.15 MB
Total Pagefile: 7676.79 MB
Available Pagefile: 5289.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:687.76 GB) (Free:416.62 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.77 GB) (Free:1.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (FreeAgent GoFlex Drive G) (Fixed) (Total:1863.01 GB) (Free:362.45 GB) NTFS
Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:2794.51 GB) (Free:336.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3C5B0E4C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.8 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================