[tamra521]

I've had the hardest time getting this Fixila PC Optimizer program uninstalled from my PC. I've tried going through the Windows Uninstaller and I've tried the REVO Uninstaller... neither of them are working. I get an error that says: Messages file "C:\Program Files\Fixila PC Optimizer\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program. Obviously I don't want to obtain a new copy of the program (sigh).... can anyone help me out? I'm running Windows Vista (32 bit).

[Advertisements]

Hi tamra521,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

• As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
• Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
• All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
• Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
• Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
• If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
• While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
• Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
• Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Let's get started....


Please download Farbar Recovery Scan Tool and save it to your Desktop.

The link above should give you the correct version for your OS (you stated it is 32bit). Let us know if this is not correct.

• Right click on the file and select "Run as Administrator". When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

[dbreeze]

Hi tamra521,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

• As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
• Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
• All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
• Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
• Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
• If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
• While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
• Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
• Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Let's get started....


Please download Farbar Recovery Scan Tool and save it to your Desktop.

The link above should give you the correct version for your OS (you stated it is 32bit). Let us know if this is not correct.

• Right click on the file and select "Run as Administrator". When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

[tamra521]

Thank you for your fast response. I am going to back up my files to an external hard drive today and get started on your instructions. I will let you know as soon as I'm ready for the next step.

[tamra521]

I've backed up all of my important files. Here are the results from the scans...

 

FRST.txt Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by Tamra_2 (administrator) on FAMILY-PC on 05-08-2014 12:47:59
Running from C:\Users\Tamra_2\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(i-Funbox.com) C:\Program Files\iFunbox 2014\iFunBox2014.exe
(Creative Home) C:\Program Files\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
(Dropbox, Inc.) C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Sun Microsystems, Inc.) C:\Windows\System32\jusched.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Netgear\VISTA_GA311\GA311.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [EPSON NX100 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE /FU "C:\Windows\TEMP\E_S28E6.tmp" /EF "HKCU"
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [Spotify] => "C:\Users\Tamra_2\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [iFunBox Price Watch] => C:\Program Files\iFunbox 2014\iFunBox2014.exe [7748096 2013-11-26] (i-Funbox.com)
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [Driver Support] => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\MountPoints2: {681f40f5-ac3b-11de-b5cb-001e8c8ab455} - L:\LaunchU3.exe -a
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\MountPoints2: {73440e08-c45b-11dc-b250-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\MountPoints2: {e656b39e-8f1b-11de-be03-001e8c8ab455} - K:\LaunchU3.exe -a
HKU\S-1-5-21-302356221-3822570288-777696681-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-302356221-3822570288-777696681-1004\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk
ShortcutTarget: Event Planner Reminder 2009.lnk -> C:\Windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk
ShortcutTarget: GA311 Smart Wizard Utility.lnk -> C:\Program Files\Netgear\VISTA_GA311\G311.exe ()
Startup: C:\Users\Tad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Tamra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files\GoZone\GoZone_iSync.exe (No File)
Startup: C:\Users\Tamra_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tamra_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\Tamra_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Trinity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PriincaeCoupon -> {65B5875E-22D8-C4AD-710C-7FCA9E9CEEE5} -> C:\ProgramData\PriincaeCoupon\U.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: saviNgtoyou -> {880CBD31-3A0E-874E-C44B-6F75165022CC} -> C:\ProgramData\saviNgtoyou\AhL9QIWkK.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll No File
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Tamra_2\Desktop\npAmazonMP3DownloaderPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: ShoopperMastter - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]
FF Extension: greiatsaaving - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]
FF Extension: FluashCoupon - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]
FF Extension: LLuckyShoppEr - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]
FF Extension: BietterPrriceeChec - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]
FF Extension: No Name - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\staged [2013-10-20]
FF Extension: No Name - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2011-12-20]
FF Extension: GPComponent - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0} [2013-08-25]
FF Extension: Personas Plus - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2011-04-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-06-27]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] - C:\Users\Tamra_2\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-05-22] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-05-22] (Symantec Corporation)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-09-23] (Motive Communications, Inc.) [File not signed]
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1885488 2011-05-22] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [357704 2011-05-22] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1832072 2011-05-22] (Symantec Corporation)
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2009-10-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-07-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-07-14] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-11-25] (LeapFrog) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-08-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-08-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140803.034\NAVENG.SYS [93272 2014-07-14] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140803.034\NAVEX15.SYS [1612376 2014-07-14] (Symantec Corporation)
R3 NetgearGA311; C:\Windows\System32\DRIVERS\G311N6.sys [70144 2007-01-22] (Netgear Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [28160 2007-02-05] (Windows ® Codename Longhorn DDK provider)
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [19744 2011-10-26] (Silicon Laboratories)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2011-05-22] (Symantec Corporation)
S3 SPPD; C:\Windows\system32\drivers\SPPD.sys [18872 2014-08-01] ()
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [283184 2011-05-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2011-05-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2011-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [125488 2011-05-22] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-10-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-10-03] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [67472 2011-05-22] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [43376 2011-05-22] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-27] (Symantec Corporation)
R3 xcbdaNtsc; C:\Windows\System32\DRIVERS\xcbda.sys [156928 2007-09-07] (ViXS Systems Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 12:47 - 2014-08-05 12:48 - 00021599 _____ () C:\Users\Tamra_2\Downloads\FRST.txt
2014-08-05 12:47 - 2014-08-05 12:48 - 00000000 ____D () C:\FRST
2014-08-05 12:46 - 2014-08-05 12:46 - 01084928 _____ (Farbar) C:\Users\Tamra_2\Downloads\FRST.exe
2014-08-05 11:21 - 2014-08-05 11:21 - 00000000 ____D () C:\Windows\LastGood
2014-08-05 10:49 - 2014-08-05 10:49 - 00230584 _____ () C:\Windows\Minidump\Mini080514-01.dmp
2014-08-05 09:55 - 2014-08-05 09:55 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-05 09:55 - 2014-08-05 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-05 09:54 - 2014-08-05 09:55 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-05 09:54 - 2014-08-05 09:55 - 00000000 ____D () C:\Program Files\iTunes
2014-08-05 09:54 - 2014-08-05 09:54 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 21:54 - 2014-08-04 21:55 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 21:54 - 2014-08-04 21:54 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 21:54 - 2014-08-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 21:54 - 2014-08-04 21:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-04 21:54 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-04 21:54 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 21:39 - 2014-08-04 21:39 - 01283632 _____ () C:\Users\Tamra_2\Downloads\Setup(1).exe
2014-08-04 20:38 - 2014-08-04 20:41 - 00000000 ____D () C:\AdwCleaner
2014-08-04 18:29 - 2014-08-04 18:29 - 00185648 ____H () C:\Windows\system32\mlfcache.dat
2014-08-04 18:29 - 2014-08-04 18:29 - 00001027 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-08-04 18:29 - 2014-08-04 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-08-04 18:29 - 2014-08-04 18:29 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-04 18:29 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-08-04 17:35 - 2014-08-04 17:35 - 00000000 ____D () C:\Users\Tamra_2\AppData\Local\VS Revo Group
2014-08-04 17:35 - 2014-08-04 17:35 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-08-04 16:56 - 2014-08-04 16:56 - 00000000 ____D () C:\Program Files\RoyAlCouPon
2014-08-04 16:25 - 2014-08-04 16:25 - 00000000 ____D () C:\Program Files\FFlashCoupon
2014-08-03 21:52 - 2014-08-04 17:21 - 00000000 ____D () C:\ProgramData\FFlashCoupon
2014-08-02 15:20 - 2014-08-04 17:21 - 00000000 ____D () C:\ProgramData\RoyAlCouPon
2014-08-02 09:13 - 2014-08-02 09:13 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-01 18:47 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-01 18:46 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-01 18:46 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-01 18:46 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-01 18:46 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-01 18:46 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-01 18:46 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-01 18:46 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-01 18:46 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-01 18:46 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-01 18:46 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-01 18:46 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-01 18:46 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-01 18:46 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-01 18:46 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-01 18:46 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-01 18:46 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-01 18:46 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-01 18:46 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-01 18:46 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-01 18:46 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-01 18:46 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-01 18:46 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-01 18:46 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-01 18:46 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-01 18:46 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-01 18:46 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-01 18:46 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-01 17:43 - 2014-08-01 17:43 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-01 16:52 - 2014-08-01 16:52 - 00000680 _____ () C:\Users\Tamra\AppData\Local\d3d9caps.dat
2014-08-01 16:50 - 2014-08-01 16:50 - 00000000 ____D () C:\Users\Tamra\AppData\Roaming\Fixila
2014-08-01 16:48 - 2014-08-01 16:48 - 00000000 _____ () C:\t1n0.2
2014-08-01 16:48 - 2014-08-01 16:48 - 00000000 _____ () C:\t1n0.1

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 12:48 - 2014-08-05 12:47 - 00021599 _____ () C:\Users\Tamra_2\Downloads\FRST.txt
2014-08-05 12:48 - 2014-08-05 12:47 - 00000000 ____D () C:\FRST
2014-08-05 12:46 - 2014-08-05 12:46 - 01084928 _____ (Farbar) C:\Users\Tamra_2\Downloads\FRST.exe
2014-08-05 12:25 - 2012-04-21 10:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 11:23 - 2008-01-16 13:53 - 01393610 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 11:21 - 2014-08-05 11:21 - 00000000 ____D () C:\Windows\LastGood
2014-08-05 11:21 - 2008-08-20 09:56 - 00000000 ____D () C:\Users\Tamra_2
2014-08-05 11:16 - 2006-11-02 06:33 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 10:55 - 2012-04-10 20:02 - 00000000 ___RD () C:\Users\Tamra_2\Dropbox
2014-08-05 10:55 - 2012-04-10 20:01 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Dropbox
2014-08-05 10:53 - 2006-11-02 08:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-05 10:50 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 10:50 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 10:50 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 10:49 - 2014-08-05 10:49 - 00230584 _____ () C:\Windows\Minidump\Mini080514-01.dmp
2014-08-05 10:49 - 2013-05-15 21:26 - 247211178 _____ () C:\Windows\MEMORY.DMP
2014-08-05 10:49 - 2008-08-23 03:21 - 00000000 ____D () C:\Windows\Minidump
2014-08-05 10:49 - 2008-08-19 20:27 - 00668380 _____ () C:\Windows\PFRO.log
2014-08-05 10:34 - 2006-11-02 09:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-05 09:55 - 2014-08-05 09:55 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-05 09:55 - 2014-08-05 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-05 09:55 - 2014-08-05 09:54 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-05 09:55 - 2014-08-05 09:54 - 00000000 ____D () C:\Program Files\iTunes
2014-08-05 09:54 - 2014-08-05 09:54 - 00000000 ____D () C:\Program Files\iPod
2014-08-05 09:54 - 2008-08-19 22:06 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-04 22:47 - 2014-04-10 13:29 - 00000000 ___HD () C:\Users\Tamra_2\AppData\Roaming\XKDDT
2014-08-04 22:38 - 2014-05-27 21:54 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Open Download Manager
2014-08-04 22:35 - 2013-11-05 20:48 - 00002241 _____ () C:\Users\Tamra_2\Desktop\Safari.lnk
2014-08-04 21:55 - 2014-08-04 21:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 21:54 - 2014-08-04 21:54 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 21:54 - 2014-08-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 21:54 - 2014-08-04 21:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-04 21:54 - 2011-02-25 17:29 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Malwarebytes
2014-08-04 21:54 - 2010-03-02 18:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 21:39 - 2014-08-04 21:39 - 01283632 _____ () C:\Users\Tamra_2\Downloads\Setup(1).exe
2014-08-04 21:33 - 2014-03-31 21:39 - 00029987 _____ () C:\szfixila.log
2014-08-04 21:24 - 2014-03-31 21:39 - 00000000 ____D () C:\Program Files\Fixila PC Optimizer
2014-08-04 20:41 - 2014-08-04 20:38 - 00000000 ____D () C:\AdwCleaner
2014-08-04 18:59 - 2010-08-17 11:01 - 00002587 _____ () C:\Users\Tamra_2\Desktop\Microsoft Office Word 2007.lnk
2014-08-04 18:42 - 2012-07-07 22:55 - 00000000 ____D () C:\Users\Tamra_2\AppData\Local\Unity
2014-08-04 18:35 - 2013-08-25 18:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-04 18:29 - 2014-08-04 18:29 - 00185648 ____H () C:\Windows\system32\mlfcache.dat
2014-08-04 18:29 - 2014-08-04 18:29 - 00001027 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-08-04 18:29 - 2014-08-04 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-08-04 18:29 - 2014-08-04 18:29 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-04 18:12 - 2009-09-26 10:14 - 00000000 ____D () C:\Program Files\Google
2014-08-04 18:11 - 2014-01-19 13:26 - 00000000 ____D () C:\Users\Tamra_2\AppData\Local\Google
2014-08-04 18:06 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-04 17:35 - 2014-08-04 17:35 - 00000000 ____D () C:\Users\Tamra_2\AppData\Local\VS Revo Group
2014-08-04 17:35 - 2014-08-04 17:35 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-08-04 17:22 - 2013-08-25 20:10 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-04 17:21 - 2014-08-03 21:52 - 00000000 ____D () C:\ProgramData\FFlashCoupon
2014-08-04 17:21 - 2014-08-02 15:20 - 00000000 ____D () C:\ProgramData\RoyAlCouPon
2014-08-04 17:17 - 2014-04-06 18:13 - 00000000 ____D () C:\Program Files\Origin Games
2014-08-04 17:17 - 2010-06-20 09:57 - 00000000 ____D () C:\Program Files\TomTom HOME 2
2014-08-04 17:16 - 2007-01-01 10:46 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-04 17:15 - 2012-05-12 21:27 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-08-04 17:02 - 2013-08-18 17:32 - 00000000 ____D () C:\Program Files\EA GAMES
2014-08-04 16:56 - 2014-08-04 16:56 - 00000000 ____D () C:\Program Files\RoyAlCouPon
2014-08-04 16:56 - 2014-04-21 16:53 - 00000000 ____D () C:\ProgramData\95dfe9498b4de734
2014-08-04 16:50 - 2014-04-27 14:53 - 00000000 ____D () C:\Program Files\Paint.NET
2014-08-04 16:48 - 2014-04-06 18:10 - 00000000 ____D () C:\ProgramData\Origin
2014-08-04 16:38 - 2014-03-17 16:42 - 00000000 ____D () C:\Program Files\MSI Afterburner
2014-08-04 16:26 - 2014-04-04 17:39 - 00000000 ____D () C:\Program Files\Gameiki
2014-08-04 16:25 - 2014-08-04 16:25 - 00000000 ____D () C:\Program Files\FFlashCoupon
2014-08-04 15:02 - 2014-03-31 21:40 - 00000294 _____ () C:\Windows\Tasks\Fixila PC Optimizer_DEFAULT.job
2014-08-02 09:24 - 2006-11-02 08:47 - 00402568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-02 09:22 - 2009-05-29 20:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-02 09:20 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-02 09:17 - 2008-08-22 19:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-02 09:13 - 2014-08-02 09:13 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-02 09:08 - 2010-06-04 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-01 21:27 - 2014-03-31 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-08-01 21:27 - 2014-03-09 12:05 - 00000000 ____D () C:\Program Files\iFunbox 2014
2014-08-01 21:27 - 2013-08-23 19:11 - 00000000 ____D () C:\Program Files\iExplorer
2014-08-01 21:27 - 2009-11-21 10:33 - 00000000 ____D () C:\Users\Guest
2014-08-01 21:27 - 2008-08-29 15:41 - 00000000 ____D () C:\Users\Trinity
2014-08-01 21:27 - 2008-08-20 16:38 - 00000000 ____D () C:\Users\Tad
2014-08-01 21:27 - 2008-08-19 20:32 - 00000000 ____D () C:\Users\Tamra
2014-08-01 21:27 - 2007-01-01 11:01 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows
2014-08-01 21:27 - 2007-01-01 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2014-08-01 21:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-08-01 21:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-08-01 21:27 - 2006-11-02 06:22 - 58458112 _____ () C:\Windows\system32\config\software_previous
2014-08-01 21:26 - 2014-04-10 13:43 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Fixila
2014-08-01 21:26 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-08-01 21:24 - 2014-04-22 16:32 - 00000000 ____D () C:\Users\Tamra_2\AppData\Local\PC_Drivers_Headquarters
2014-08-01 21:24 - 2014-04-22 16:32 - 00000000 ____D () C:\ProgramData\Driver Support
2014-08-01 21:21 - 2014-03-31 21:10 - 00000000 ____D () C:\Program Files\Daring Development
2014-08-01 21:20 - 2006-11-02 06:22 - 29097984 _____ () C:\Windows\system32\config\system_previous
2014-08-01 21:04 - 2006-11-02 06:22 - 50593792 _____ () C:\Windows\system32\config\components_previous
2014-08-01 21:04 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-08-01 19:25 - 2012-04-21 10:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-01 19:25 - 2011-05-28 10:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-01 18:04 - 2014-04-03 10:15 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-08-01 17:46 - 2012-04-10 20:02 - 00000968 _____ () C:\Users\Tamra_2\Desktop\Dropbox.lnk
2014-08-01 17:46 - 2012-04-10 20:02 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-01 17:43 - 2014-08-01 17:43 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-01 17:43 - 2014-06-09 19:35 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Origin
2014-08-01 17:42 - 2011-07-05 21:13 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\HpUpdate
2014-08-01 16:52 - 2014-08-01 16:52 - 00000680 _____ () C:\Users\Tamra\AppData\Local\d3d9caps.dat
2014-08-01 16:52 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-08-01 16:50 - 2014-08-01 16:50 - 00000000 ____D () C:\Users\Tamra\AppData\Roaming\Fixila
2014-08-01 16:48 - 2014-08-01 16:48 - 00000000 _____ () C:\t1n0.2
2014-08-01 16:48 - 2014-08-01 16:48 - 00000000 _____ () C:\t1n0.1
2014-08-01 16:48 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous

Some content of TEMP:
====================
C:\Users\Tad\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Tamra\AppData\Local\Temp\Browser_Update.exe
C:\Users\Tamra\AppData\Local\Temp\ose00000.exe
C:\Users\Tamra\AppData\Local\Temp\_is778F.exe
C:\Users\Tamra\AppData\Local\Temp\_isB9FB.exe
C:\Users\Tamra\AppData\Local\Temp\_isBD94.exe
C:\Users\Tamra_2\AppData\Local\Temp\dqbjqy8x.dll
C:\Users\Tamra_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjzvit.dll
C:\Users\Tamra_2\AppData\Local\Temp\eauninstall.exe
C:\Users\Tamra_2\AppData\Local\Temp\First15.exe
C:\Users\Tamra_2\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Tamra_2\AppData\Local\Temp\Quarantine.exe
C:\Users\Tamra_2\AppData\Local\Temp\RegSvcs.exe
C:\Users\Tamra_2\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Tamra_2\AppData\Local\Temp\VP6Install.exe
C:\Users\Tamra_2\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-05 11:11

==================== End Of Log ============================

 

 

 

 

 

Addition.txt Log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by Tamra_2 at 2014-08-05 12:49:26
Running from C:\Users\Tamra_2\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2009 Hallmark Bonus Pack (HKLM\...\{D72458FA-A768-4721-BE97-6E03BC1B5041}) (Version: 1.0.0.1 - Creative Home)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avery Wizard 4.0 (HKLM\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1019 - CyberLink Corp.)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Evernote v. 4.3 (HKLM\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.3.0.4368 - Evernote Corp.)
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Fixila PC Optimizer (HKLM\...\Fixila PC Optimizer_is1) (Version: 1.0 - Fixila)
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Hallmark Card Studio 2009 Deluxe (HKLM\...\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}) (Version: 10.0.0.28 - Creative Home)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4589.14 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
Horizon v2.7.8.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.8.0 - Daring Development Inc.)
HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AFAD41A9-9687-48A3-848F-693C11451433}) (Version: 5.4.0.2360 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{6E5A0256-C1BB-4A4E-99CE-B87CC4383744}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{03148D0A-6C27-4204-AE01-CFA089D19618}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iExplorer 3.2.4.0 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
iFunBox 2014 (v3.1.562.425), iFunbox DevTeam (HKLM\...\iFunBox 2014_is1) (Version: v3.1.562.425 - )
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2209 - CyberLink Corp.)
LightScribe System Software  1.10.16.1 (HKLM\...\{E6CFBFB5-9232-410C-B353-AF6E614B2681}) (Version: 1.10.16.1 - http://www.lightscribe.com)
LightScribe Template Labeler (HKLM\...\{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}) (Version: 1.10.13.1 - LightScribe)
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{E8C2622C-9FF1-4F60-8008-A0208154F9F3}) (Version: 6.10.050 - muvee Technologies)
NETGEAR GA311 Gigabit Adapter (HKLM\...\{9E7300DD-08A3-4B3F-AEE1-1450843FE86E}) (Version: 1.00.0000 - Netgear)
Network Play System (Patching) (HKLM\...\Network Play System (Patching)) (Version:  - )
NVIDIA Control Panel 296.19 (Version: 296.19 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 296.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.19 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Downloader Manager (HKLM\...\OpenDownloaderManager) (Version:  - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3417 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2209 - CyberLink Corp.)
PowerDirector (Version: 6.5.2209 - CyberLink Corp.) Hidden
PriincaeCoupon (HKLM\...\{D86C82B0-1F02-816A-5F3D-6466F6A67566}) (Version:  - PriinnceCoupon) <==== ATTENTION
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
ResumeMaker (HKLM\...\{A4ECF10E-8914-4E29-9E48-8BE2F57558DC}) (Version: 16.0.0 - Individual Software Inc.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
saviNgtoyou (HKLM\...\{A2616871-3463-BCEE-5AFA-73773317A381}) (Version:  - savingtoyou)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Symantec Endpoint Protection (HKLM\...\{FA272494-8DEA-43CF-9BFF-652553C04265}) (Version: 11.0.6100.645 - Symantec Corporation)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{000F1EA4-5E08-4564-A29B-29076F63A37A}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> C:\PROGRA~1\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{10A31DA6-8BF9-4767-9C2E-E4C4F4FF2310}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\rim_hh.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> C:\PROGRA~1\COMMON~1\RESEAR~1\RIMDEV~1\RIMDEV~1.EXE No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{3A7AD31E-F164-4861-928B-4FE44092F5B8}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\Connectors\Wind (the data entry has 47 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{5F6FFE82-8B74-43BF-A583-EF4E3AEF9C3D}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\Connectors\Palm (the data entry has 30 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{78496FD9-A9D7-4F59-8934-84A5DC5679D8}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\Connectors\Palm (the data entry has 29 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{7ad3508e-238c-584c-9c26-b0d3417ae12f}\InprocServer32 -> C:\Users\Tamra_2\Desktop\npAmazonMP3DownloaderPlugin.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{8376CB5C-B66B-4678-AB07-03E5FDA2F04E}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\CXLServer1.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{990D9B6F-6621-11D9-AD6A-000C29B1E318}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Avery\Avery Wizard 4.0\AveryOAd.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{A4DB76BC-7A1C-44e7-8B3F-9F55E7AF32C0}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\YahooNotifier.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{A7266397-8FCE-495E-847A-13E56C5E5F56}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\rim_asci.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{B776FDAF-2388-42D0-8A7C-386E1BC2E19E}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\Connectors\Palm (the data entry has 27 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{B922E441-248E-419B-898C-D994FFBA56EE}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\RIMCXLServer.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> C:\PROGRA~1\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{CAFCE71A-72F0-41AD-A8A4-4F70CDD72381}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Avery\Avery Wizard 4.0\AvWizRes.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{E2159021-A507-48F9-9DF1-EC5AFDBA5066}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\Connectors\Palm (the data entry has 26 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{E3AA9B8F-F8BF-4536-A3D8-B405A4C6B5AE}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Yahoo Connector\DCSXlator.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> C:\PROGRA~1\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{000F1EA4-5E08-4564-A29B-29076F63A37A}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\extensions\{000F1EA4- (the data entry has 54 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> C:\PROGRA~1\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{10A31DA6-8BF9-4767-9C2E-E4C4F4FF2310}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\rim_hh.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> C:\PROGRA~1\COMMON~1\RESEAR~1\RIMDEV~1\RIMDEV~1.EXE No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{3A7AD31E-F164-4861-928B-4FE44092F5B8}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\Connectors\Wind (the data entry has 47 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\UpdatusUser\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{5F6FFE82-8B74-43BF-A583-EF4E3AEF9C3D}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\Connectors\Palm (the data entry has 30 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Roblox\Versions\version-b646a9003f1e4f36\RobloxProxy.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{78496FD9-A9D7-4F59-8934-84A5DC5679D8}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\Connectors\Palm (the data entry has 29 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{7ad3508e-238c-584c-9c26-b0d3417ae12f}\InprocServer32 -> C:\Users\UpdatusUser\Desktop\npAmazonMP3DownloaderPlugin.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{8376CB5C-B66B-4678-AB07-03E5FDA2F04E}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\CXLServer1.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{990D9B6F-6621-11D9-AD6A-000C29B1E318}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Avery\Avery Wizard 4.0\AveryOAd.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{A4DB76BC-7A1C-44e7-8B3F-9F55E7AF32C0}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\YahooNotifier.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{A7266397-8FCE-495E-847A-13E56C5E5F56}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\rim_asci.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{B776FDAF-2388-42D0-8A7C-386E1BC2E19E}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\Connectors\Palm (the data entry has 27 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{B922E441-248E-419B-898C-D994FFBA56EE}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\RIMCXLServer.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> C:\PROGRA~1\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{CAFCE71A-72F0-41AD-A8A4-4F70CDD72381}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Avery\Avery Wizard 4.0\AvWizRes.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{E2159021-A507-48F9-9DF1-EC5AFDBA5066}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Data Migration Wizard\Connectors\Palm (the data entry has 26 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{E3AA9B8F-F8BF-4536-A3D8-B405A4C6B5AE}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Yahoo Connector\DCSXlator.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> "C:\Users\Tamra_2\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll" No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> "C:\Users\Tamra_2\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll" No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> C:\PROGRA~1\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> "C:\Users\Tamra_2\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll" No File
CustomCLSID: HKU\S-1-5-21-302356221-3822570288-777696681-1004_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> "C:\Users\Tamra_2\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll" No File

==================== Restore Points  =========================

04-08-2014 21:18:03 Removed TomTom HOME Visual Studio Merge Modules
04-08-2014 21:41:25 Revo Uninstaller Pro's restore point - Fixila PC Optimizer
04-08-2014 21:56:18 Revo Uninstaller Pro's restore point - Fixila PC Optimizer
04-08-2014 22:05:38 Removed Driver Support.
04-08-2014 22:30:11 Revo Uninstaller Pro's restore point - Fixila PC Optimizer
04-08-2014 22:31:46 Revo Uninstaller Pro's restore point - GorillaPrice
04-08-2014 22:37:44 Revo Uninstaller Pro's restore point - Mysearchdial
04-08-2014 22:41:41 Revo Uninstaller Pro's restore point - saviNgtoyou
05-08-2014 15:20:25 Device Driver Package Install: Western Digital Technologies

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17D079E1-13EC-4640-BA92-F102D235991E} - System32\Tasks\JavaUpdateTamra_2 => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {196B1FFF-8C09-4C12-8B8C-BAA718A5C5EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {333F059E-3DC6-4F4D-A4C1-D5C7D07220CB} - System32\Tasks\JavaUpdateTad => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {434F6E3F-4521-4C24-B417-AB37B8F19ABC} - System32\Tasks\HPCeeScheduleForTad => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-07-20] (Hewlett-Packard)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {48A832A4-F15D-4AD9-B911-32C4BA5E25B5} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {79DBBBD6-2BCC-4B37-8013-FE287303CF8D} - System32\Tasks\StormFall TW1 => Chrome.exe --app=http://plarium.com/p...lisherID=2_0_73 --app-window-size=1680,1050
Task: {7F244D72-5EC4-4469-B8AB-025DFA8905DD} - System32\Tasks\JavaUpdateTamra => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {80B2F805-AF57-491A-A564-3A7C36EE28AE} - System32\Tasks\TidyNetwork Update => C:\Users\Tamra_2\AppData\Local\TidyNetwork\petnupdate.exe
Task: {9DDF7C05-31AD-49CD-8DEB-10EF24F82465} - System32\Tasks\Fixila PC Optimizer => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: {A2338D21-92ED-4716-84F7-AC71E8A82491} - System32\Tasks\Fixila PC Optimizer_DEFAULT => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: {B2ACD739-0737-467A-AE3B-8E98454C3BEF} - System32\Tasks\JavaUpdateTrinity => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {BD85C4B3-6245-49AA-A253-1F1A1262CD83} - System32\Tasks\PC-Doctor\Scheduled Maintanence => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-06-25] (PC-Doctor, Inc.)
Task: {C6B9CCF1-1CFD-440A-8689-1B27C030F917} - System32\Tasks\Fixila PC Optimizer_UPDATES => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: {C7444D8D-4280-49B4-9BEF-6C3EDBF31838} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {CE88EFC3-2AA3-44BC-B041-6589C1E66FAA} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {D13DC72F-8627-4A05-BB44-EF37B21D0A37} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {D14094B4-D8CB-4BBD-A1A0-1162A8EDEAA6} - System32\Tasks\hpUrlLauncher.exe => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\utils\hpUrlLauncher.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E685E160-8DA8-4853-809C-D61148CB13FA} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {E7C67A0B-3EAA-462A-88B6-527F0ED8F310} - System32\Tasks\StormFall TW2 => Chrome.exe --app=http://plarium.com/p...lisherID=2_0_73 --app-window-size=1680,1050
Task: {F6A2691B-85E7-48E4-9F06-8D8F76DAAD0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Fixila PC Optimizer_DEFAULT.job => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: C:\Windows\Tasks\Fixila PC Optimizer_UPDATES.job => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTad.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00237384 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2014-08-05 10:54 - 2014-08-05 10:54 - 00043008 _____ () c:\users\tamra_2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjzvit.dll
2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\libcef.dll
2011-03-15 11:11 - 2011-03-15 11:11 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2011-03-15 11:11 - 2011-03-15 11:11 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2011-09-23 20:52 - 2008-12-19 18:26 - 02625536 _____ () C:\Program Files\ffdshow\ffdshow.ax
2009-07-13 18:52 - 2007-02-12 22:33 - 00289504 _____ () C:\Program Files\Netgear\VISTA_GA311\GA311.exe
2009-07-13 18:52 - 2007-02-14 14:45 - 00028672 _____ () C:\Program Files\Netgear\VISTA_GA311\VistaRTL8169LibImp.dll
2013-08-25 18:46 - 2014-06-06 00:38 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-01 19:25 - 2014-08-01 19:25 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2014 11:11:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.3.0.54, time stamp 0x53bc1265, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xbfb504f3,
process id 0x15d4, application start time 0xiTunes.exe0.

Error: (08/05/2014 10:57:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(60:fa:cd:68:af:94@fe80::62fa:cdff:fe68:af94._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (08/05/2014 10:57:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(4c:8d:79:01:b6:b6@fe80::4e8d:79ff:fe01:b6b6._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (08/05/2014 10:57:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(7c:c5:37:4f:66:d1@fe80::7ec5:37ff:fe4f:66d1._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (08/05/2014 10:57:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(c0:9f:42:f2:02:2e@fe80::c29f:42ff:fef2:22e._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (08/05/2014 10:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (08/05/2014 10:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (08/05/2014 10:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (08/05/2014 10:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (08/05/2014 10:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20


System errors:
=============
Error: (08/05/2014 11:06:46 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{98013405-1A11-483A-BCC9-93CEAA20B9EA}.
The backup browser is stopping.

Error: (08/05/2014 10:55:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: HP Health Check Service%%1053

Error: (08/05/2014 10:55:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000HP Health Check Service

Error: (08/05/2014 10:51:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/05/2014 10:50:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/04/2014 10:52:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Font Cache Service

Error: (08/04/2014 10:49:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Center Receiver Service

Error: (08/04/2014 10:49:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053ehRecvr-Service{F4396DC6-E851-4D3A-8D01-34E6949F3500}

Error: (08/04/2014 10:49:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/04/2014 10:49:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-05 12:49:15.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-05 12:49:14.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-05 12:49:12.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-05 12:49:11.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-05 12:49:09.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-05 12:49:08.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-05 12:49:06.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-05 12:49:04.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-05 12:48:40.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-05 12:48:39.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 3069.83 MB
Available physical RAM: 927.96 MB
Total Pagefile: 6346.08 MB
Available Pagefile: 4083.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.48 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:288.49 GB) (Free:60.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.6 GB) (Free:1.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_PAVILION) (Fixed) (Total:298.09 GB) (Free:294.68 GB) NTFS
Drive f: (Sims2EP4_1) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298 GB) (Disk ID: 9A6C9DFB)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[dbreeze]

Thanks for the logs, tamra521.  I will go through them and get a fix approved for you.  Back as soon as I can .....

[dbreeze]

Hello tamra521.

I have examined the logs (thanks for posting them and backing up your data) and the attached script should remove the adware from your system. If you are ready, we can start the cleaning with these steps....

Step1 - Run a FRST script

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save the Notepad file on to the desktop by clicking on File > Save As. In the Save As dialog box name the file Fixlist , make the "Save as type" as Text Documents(*.txt) and the Encoding as ANSI.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

 

start
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\MountPoints2: {681f40f5-ac3b-11de-b5cb-001e8c8ab455} - L:\LaunchU3.exe -a
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\MountPoints2: {73440e08-c45b-11dc-b250-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\MountPoints2: {e656b39e-8f1b-11de-be03-001e8c8ab455} - K:\LaunchU3.exe -a
BHO: PriincaeCoupon -> {65B5875E-22D8-C4AD-710C-7FCA9E9CEEE5} -> C:\ProgramData\PriincaeCoupon\U.dll No File
C:\ProgramData\PriincaeCoupon
BHO: saviNgtoyou -> {880CBD31-3A0E-874E-C44B-6F75165022CC} -> C:\ProgramData\saviNgtoyou\AhL9QIWkK.dll No File
C:\ProgramData\saviNgtoyou\AhL9QIWkK.dll
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKCU - No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll No File
C:\Program Files\Common Files\doubleTwist
FF Extension: ShoopperMastter - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]
C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]
FF Extension: greiatsaaving - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]
C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]
FF Extension: FluashCoupon - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]
C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]
FF Extension: LLuckyShoppEr - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]
C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]
FF Extension: BietterPrriceeChec - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]
C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]
FF Extension: GPComponent - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0} [2013-08-25]
C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}
FF HKLM\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] - C:\Users\Tamra_2\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
C:\Users\Tamra_2\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
S3 SPPD; C:\Windows\system32\drivers\SPPD.sys [18872 2014-08-01] ()
C:\Windows\system32\drivers\SPPD.sys
2014-08-04 16:56 - 2014-08-04 16:56 - 00000000 ____D () C:\Program Files\RoyAlCouPon
2014-08-04 16:25 - 2014-08-04 16:25 - 00000000 ____D () C:\Program Files\FFlashCoupon
2014-08-03 21:52 - 2014-08-04 17:21 - 00000000 ____D () C:\ProgramData\FFlashCoupon
2014-08-02 15:20 - 2014-08-04 17:21 - 00000000 ____D () C:\ProgramData\RoyAlCouPon
2014-08-01 17:43 - 2014-08-01 17:43 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-01 16:50 - 2014-08-01 16:50 - 00000000 ____D () C:\Users\Tamra\AppData\Roaming\Fixila
2014-08-04 21:39 - 2014-08-04 21:39 - 01283632 _____ () C:\Users\Tamra_2\Downloads\Setup(1).exe
2014-08-04 21:33 - 2014-03-31 21:39 - 00029987 _____ () C:\szfixila.log
2014-08-04 21:24 - 2014-03-31 21:39 - 00000000 ____D () C:\Program Files\Fixila PC Optimizer
2014-08-04 17:21 - 2014-08-03 21:52 - 00000000 ____D () C:\ProgramData\FFlashCoupon
2014-08-04 17:21 - 2014-08-02 15:20 - 00000000 ____D () C:\ProgramData\RoyAlCouPon
2014-08-04 16:56 - 2014-08-04 16:56 - 00000000 ____D () C:\Program Files\RoyAlCouPon
2014-08-04 16:56 - 2014-04-21 16:53 - 00000000 ____D () C:\ProgramData\95dfe9498b4de734
2014-08-04 16:25 - 2014-08-04 16:25 - 00000000 ____D () C:\Program Files\FFlashCoupon
2014-08-04 15:02 - 2014-03-31 21:40 - 00000294 _____ () C:\Windows\Tasks\Fixila PC Optimizer_DEFAULT.job
2014-08-01 21:26 - 2014-04-10 13:43 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Fixila
2014-08-01 17:43 - 2014-08-01 17:43 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-01 16:50 - 2014-08-01 16:50 - 00000000 ____D () C:\Users\Tamra\AppData\Roaming\Fixila
2014-08-01 16:48 - 2014-08-01 16:48 - 00000000 _____ () C:\t1n0.2
2014-08-01 16:48 - 2014-08-01 16:48 - 00000000 _____ () C:\t1n0.1
C:\Users\Tad\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Tamra\AppData\Local\Temp\Browser_Update.exe
C:\Users\Tamra\AppData\Local\Temp\ose00000.exe
C:\Users\Tamra\AppData\Local\Temp\_is778F.exe
C:\Users\Tamra\AppData\Local\Temp\_isB9FB.exe
C:\Users\Tamra\AppData\Local\Temp\_isBD94.exe
C:\Users\Tamra_2\AppData\Local\Temp\dqbjqy8x.dll
C:\Users\Tamra_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjzvit.dll
C:\Users\Tamra_2\AppData\Local\Temp\eauninstall.exe
C:\Users\Tamra_2\AppData\Local\Temp\First15.exe
C:\Users\Tamra_2\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Tamra_2\AppData\Local\Temp\Quarantine.exe
C:\Users\Tamra_2\AppData\Local\Temp\RegSvcs.exe
C:\Users\Tamra_2\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Tamra_2\AppData\Local\Temp\VP6Install.exe
C:\Users\Tamra_2\AppData\Local\Temp\VP6VFW.dll
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
Task: {80B2F805-AF57-491A-A564-3A7C36EE28AE} - System32\Tasks\TidyNetwork Update => C:\Users\Tamra_2\AppData\Local\TidyNetwork\petnupdate.exe
C:\Users\Tamra_2\AppData\Local\TidyNetwork\petnupdate.exe
Task: {9DDF7C05-31AD-49CD-8DEB-10EF24F82465} - System32\Tasks\Fixila PC Optimizer => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: {A2338D21-92ED-4716-84F7-AC71E8A82491} - System32\Tasks\Fixila PC Optimizer_DEFAULT => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: {C6B9CCF1-1CFD-440A-8689-1B27C030F917} - System32\Tasks\Fixila PC Optimizer_UPDATES => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: {E7C67A0B-3EAA-462A-88B6-527F0ED8F310} - System32\Tasks\StormFall TW2 => Chrome.exe --app=http://plarium.com/p...lisherID=2_0_73 --app-window-size=1680,1050
Task: C:\Windows\Tasks\Fixila PC Optimizer_DEFAULT.job => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: C:\Windows\Tasks\Fixila PC Optimizer_UPDATES.job => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe
Folder: C:\ProgramData\boost_interprocess
Reboot:

Once you have the file saved, you can close Notepad.

Next, please move FRST from the downloads folder (where it is now) to your desktop. You can do this by right clicking on the file in C:\Users\Tamra_2\Downloads, selecting Cut, right clicking on a blank place on your desktop and selecting Paste. Don't worry, we will remove our tools when we are finished cleaning your system.

Now that FRST.exe and Fixlist.txt are both on the desktop, right click on FRST.exe and select "Run as Administrator...". FRST will load and check for an updated version of itself. If it finds one, let it update and it will inform you of when it is ok to run.

Please temporarily pause your Security Software protection; you can read on how to do this here.

Click the Fix button and let FRST run unhindered. The program will load the script file, follow the commands in it, reboot your system and produce a log file named Fixlog.txt. Please copy and paste the text of that log file in a reply post here.

Step2 - Follow up scan

Please right click on FRST.exe on your desktop, select "Run as Administrator.." and when the program loads, click on "Scan". When the scan is finished, FRST will produce one log file (opened in Notepad). Please copy and paste this log text in a reply here.


Items in your next reply:

• FRST Fixlog.txt log text
• Fresh FRST scan log text
• How is your system running?
• Any questions / concerns you may have.

[tamra521]

FRST Fixlog.txt log

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:2-08-2014

Ran by Tamra_2 at 2014-08-06 16:58:06 Run:1

Running from C:\Users\Tamra_2\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

start

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\MountPoints2: {681f40f5-ac3b-11de-b5cb-001e8c8ab455} - L:\LaunchU3.exe -a

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\MountPoints2: {73440e08-c45b-11dc-b250-806e6f6e6963} - F:\Autorun.exe

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\MountPoints2: {e656b39e-8f1b-11de-be03-001e8c8ab455} - K:\LaunchU3.exe -a

BHO: PriincaeCoupon -> {65B5875E-22D8-C4AD-710C-7FCA9E9CEEE5} -> C:\ProgramData\PriincaeCoupon\U.dll No File

C:\ProgramData\PriincaeCoupon

BHO: saviNgtoyou -> {880CBD31-3A0E-874E-C44B-6F75165022CC} -> C:\ProgramData\saviNgtoyou\AhL9QIWkK.dll No File

C:\ProgramData\saviNgtoyou\AhL9QIWkK.dll

Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File

Toolbar: HKCU - No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File

FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll No File

C:\Program Files\Common Files\doubleTwist

FF Extension: ShoopperMastter - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]

FF Extension: greiatsaaving - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]

FF Extension: FluashCoupon - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]

FF Extension: LLuckyShoppEr - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]

FF Extension: BietterPrriceeChec - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-04]

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]

FF Extension: GPComponent - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0} [2013-08-25]

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}

FF HKLM\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] - C:\Users\Tamra_2\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi

C:\Users\Tamra_2\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi

S3 SPPD; C:\Windows\system32\drivers\SPPD.sys [18872 2014-08-01] ()

C:\Windows\system32\drivers\SPPD.sys

2014-08-04 16:56 - 2014-08-04 16:56 - 00000000 ____D () C:\Program Files\RoyAlCouPon

2014-08-04 16:25 - 2014-08-04 16:25 - 00000000 ____D () C:\Program Files\FFlashCoupon

2014-08-03 21:52 - 2014-08-04 17:21 - 00000000 ____D () C:\ProgramData\FFlashCoupon

2014-08-02 15:20 - 2014-08-04 17:21 - 00000000 ____D () C:\ProgramData\RoyAlCouPon

2014-08-01 17:43 - 2014-08-01 17:43 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys

2014-08-01 16:50 - 2014-08-01 16:50 - 00000000 ____D () C:\Users\Tamra\AppData\Roaming\Fixila

2014-08-04 21:39 - 2014-08-04 21:39 - 01283632 _____ () C:\Users\Tamra_2\Downloads\Setup(1).exe

2014-08-04 21:33 - 2014-03-31 21:39 - 00029987 _____ () C:\szfixila.log

2014-08-04 21:24 - 2014-03-31 21:39 - 00000000 ____D () C:\Program Files\Fixila PC Optimizer

2014-08-04 17:21 - 2014-08-03 21:52 - 00000000 ____D () C:\ProgramData\FFlashCoupon

2014-08-04 17:21 - 2014-08-02 15:20 - 00000000 ____D () C:\ProgramData\RoyAlCouPon

2014-08-04 16:56 - 2014-08-04 16:56 - 00000000 ____D () C:\Program Files\RoyAlCouPon

2014-08-04 16:56 - 2014-04-21 16:53 - 00000000 ____D () C:\ProgramData\95dfe9498b4de734

2014-08-04 16:25 - 2014-08-04 16:25 - 00000000 ____D () C:\Program Files\FFlashCoupon

2014-08-04 15:02 - 2014-03-31 21:40 - 00000294 _____ () C:\Windows\Tasks\Fixila PC Optimizer_DEFAULT.job

2014-08-01 21:26 - 2014-04-10 13:43 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Fixila

2014-08-01 17:43 - 2014-08-01 17:43 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys

2014-08-01 16:50 - 2014-08-01 16:50 - 00000000 ____D () C:\Users\Tamra\AppData\Roaming\Fixila

2014-08-01 16:48 - 2014-08-01 16:48 - 00000000 _____ () C:\t1n0.2

2014-08-01 16:48 - 2014-08-01 16:48 - 00000000 _____ () C:\t1n0.1

C:\Users\Tad\AppData\Local\Temp\AdobeUpdater12345.exe

C:\Users\Tamra\AppData\Local\Temp\Browser_Update.exe

C:\Users\Tamra\AppData\Local\Temp\ose00000.exe

C:\Users\Tamra\AppData\Local\Temp\_is778F.exe

C:\Users\Tamra\AppData\Local\Temp\_isB9FB.exe

C:\Users\Tamra\AppData\Local\Temp\_isBD94.exe

C:\Users\Tamra_2\AppData\Local\Temp\dqbjqy8x.dll

C:\Users\Tamra_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjzvit.dll

C:\Users\Tamra_2\AppData\Local\Temp\eauninstall.exe

C:\Users\Tamra_2\AppData\Local\Temp\First15.exe

C:\Users\Tamra_2\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe

C:\Users\Tamra_2\AppData\Local\Temp\Quarantine.exe

C:\Users\Tamra_2\AppData\Local\Temp\RegSvcs.exe

C:\Users\Tamra_2\AppData\Local\Temp\The Sims 2_uninst.exe

C:\Users\Tamra_2\AppData\Local\Temp\VP6Install.exe

C:\Users\Tamra_2\AppData\Local\Temp\VP6VFW.dll

WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden

Task: {80B2F805-AF57-491A-A564-3A7C36EE28AE} - System32\Tasks\TidyNetwork Update => C:\Users\Tamra_2\AppData\Local\TidyNetwork\petnupdate.exe

C:\Users\Tamra_2\AppData\Local\TidyNetwork\petnupdate.exe

Task: {9DDF7C05-31AD-49CD-8DEB-10EF24F82465} - System32\Tasks\Fixila PC Optimizer => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe

Task: {A2338D21-92ED-4716-84F7-AC71E8A82491} - System32\Tasks\Fixila PC Optimizer_DEFAULT => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe

Task: {C6B9CCF1-1CFD-440A-8689-1B27C030F917} - System32\Tasks\Fixila PC Optimizer_UPDATES => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe

Task: {E7C67A0B-3EAA-462A-88B6-527F0ED8F310} - System32\Tasks\StormFall TW2 => Chrome.exe --app=http://plarium.com/p...lisherID=2_0_73 --app-window-size=1680,1050 

Task: C:\Windows\Tasks\Fixila PC Optimizer_DEFAULT.job => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe

Task: C:\Windows\Tasks\Fixila PC Optimizer_UPDATES.job => C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe

C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe

Folder: C:\ProgramData\boost_interprocess

Reboot:

 

*****************

 

"HKU\S-1-5-21-302356221-3822570288-777696681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{681f40f5-ac3b-11de-b5cb-001e8c8ab455}" => Key deleted successfully.

"HKCR\CLSID\{681f40f5-ac3b-11de-b5cb-001e8c8ab455}" => Key not found.

"HKU\S-1-5-21-302356221-3822570288-777696681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73440e08-c45b-11dc-b250-806e6f6e6963}" => Key deleted successfully.

"HKCR\CLSID\{73440e08-c45b-11dc-b250-806e6f6e6963}" => Key not found.

"HKU\S-1-5-21-302356221-3822570288-777696681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e656b39e-8f1b-11de-be03-001e8c8ab455}" => Key deleted successfully.

"HKCR\CLSID\{e656b39e-8f1b-11de-be03-001e8c8ab455}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65B5875E-22D8-C4AD-710C-7FCA9E9CEEE5}" => Key deleted successfully.

"HKCR\CLSID\{65B5875E-22D8-C4AD-710C-7FCA9E9CEEE5}" => Key deleted successfully.

"C:\ProgramData\PriincaeCoupon" => File/Directory not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{880CBD31-3A0E-874E-C44B-6F75165022CC}" => Key deleted successfully.

"HKCR\CLSID\{880CBD31-3A0E-874E-C44B-6F75165022CC}" => Key deleted successfully.

"C:\ProgramData\saviNgtoyou\AhL9QIWkK.dll" => File/Directory not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} => value deleted successfully.

"HKCR\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}" => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9565115D-C7D6-46D3-BD63-B67B481A4368} => value deleted successfully.

"HKCR\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368}" => Key not found.

"HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast" => Key deleted successfully.

C:\Program Files\Common Files\doubleTwist\NPPodcast.dll not found.

"C:\Program Files\Common Files\doubleTwist" => File/Directory not found.

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] => Moved successfully.

"C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]" => File/Directory not found.

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] => Moved successfully.

"C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]" => File/Directory not found.

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] => Moved successfully.

"C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]" => File/Directory not found.

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] => Moved successfully.

"C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]" => File/Directory not found.

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] => Moved successfully.

"C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected]" => File/Directory not found.

C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0} => Moved successfully.

"C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}" => File/Directory not found.

HKLM\Software\Mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0} => value deleted successfully.

"C:\Users\Tamra_2\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi" => File/Directory not found.

SPPD => Service deleted successfully.

C:\Windows\system32\drivers\SPPD.sys => Moved successfully.

C:\Program Files\RoyAlCouPon => Moved successfully.

C:\Program Files\FFlashCoupon => Moved successfully.

C:\ProgramData\FFlashCoupon => Moved successfully.

C:\ProgramData\RoyAlCouPon => Moved successfully.

"C:\Windows\system32\Drivers\SPPD.sys" => File/Directory not found.

C:\Users\Tamra\AppData\Roaming\Fixila => Moved successfully.

C:\Users\Tamra_2\Downloads\Setup(1).exe => Moved successfully.

C:\szfixila.log => Moved successfully.

C:\Program Files\Fixila PC Optimizer => Moved successfully.

"C:\ProgramData\FFlashCoupon" => File/Directory not found.

"C:\ProgramData\RoyAlCouPon" => File/Directory not found.

"C:\Program Files\RoyAlCouPon" => File/Directory not found.

C:\ProgramData\95dfe9498b4de734 => Moved successfully.

"C:\Program Files\FFlashCoupon" => File/Directory not found.

C:\Windows\Tasks\Fixila PC Optimizer_DEFAULT.job => Moved successfully.

C:\Users\Tamra_2\AppData\Roaming\Fixila => Moved successfully.

"C:\Windows\system32\Drivers\SPPD.sys" => File/Directory not found.

"C:\Users\Tamra\AppData\Roaming\Fixila" => File/Directory not found.

C:\t1n0.2 => Moved successfully.

C:\t1n0.1 => Moved successfully.

C:\Users\Tad\AppData\Local\Temp\AdobeUpdater12345.exe => Moved successfully.

C:\Users\Tamra\AppData\Local\Temp\Browser_Update.exe => Moved successfully.

C:\Users\Tamra\AppData\Local\Temp\ose00000.exe => Moved successfully.

C:\Users\Tamra\AppData\Local\Temp\_is778F.exe => Moved successfully.

C:\Users\Tamra\AppData\Local\Temp\_isB9FB.exe => Moved successfully.

C:\Users\Tamra\AppData\Local\Temp\_isBD94.exe => Moved successfully.

C:\Users\Tamra_2\AppData\Local\Temp\dqbjqy8x.dll => Moved successfully.

C:\Users\Tamra_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjzvit.dll => Moved successfully.

C:\Users\Tamra_2\AppData\Local\Temp\eauninstall.exe => Moved successfully.

C:\Users\Tamra_2\AppData\Local\Temp\First15.exe => Moved successfully.

C:\Users\Tamra_2\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe => Moved successfully.

C:\Users\Tamra_2\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\Tamra_2\AppData\Local\Temp\RegSvcs.exe => Moved successfully.

C:\Users\Tamra_2\AppData\Local\Temp\The Sims 2_uninst.exe => Moved successfully.

C:\Users\Tamra_2\AppData\Local\Temp\VP6Install.exe => Moved successfully.

C:\Users\Tamra_2\AppData\Local\Temp\VP6VFW.dll => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{209CDA54-D390-46A2-A97C-7BF61734418D}\\SystemComponent => value deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80B2F805-AF57-491A-A564-3A7C36EE28AE}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80B2F805-AF57-491A-A564-3A7C36EE28AE}" => Key deleted successfully.

C:\Windows\System32\Tasks\TidyNetwork Update => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.

"C:\Users\Tamra_2\AppData\Local\TidyNetwork\petnupdate.exe" => File/Directory not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9DDF7C05-31AD-49CD-8DEB-10EF24F82465}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DDF7C05-31AD-49CD-8DEB-10EF24F82465}" => Key deleted successfully.

C:\Windows\System32\Tasks\Fixila PC Optimizer => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fixila PC Optimizer" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2338D21-92ED-4716-84F7-AC71E8A82491}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2338D21-92ED-4716-84F7-AC71E8A82491}" => Key deleted successfully.

C:\Windows\System32\Tasks\Fixila PC Optimizer_DEFAULT => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fixila PC Optimizer_DEFAULT" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6B9CCF1-1CFD-440A-8689-1B27C030F917}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6B9CCF1-1CFD-440A-8689-1B27C030F917}" => Key deleted successfully.

C:\Windows\System32\Tasks\Fixila PC Optimizer_UPDATES => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fixila PC Optimizer_UPDATES" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7C67A0B-3EAA-462A-88B6-527F0ED8F310}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7C67A0B-3EAA-462A-88B6-527F0ED8F310}" => Key deleted successfully.

C:\Windows\System32\Tasks\StormFall TW2 => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW2" => Key deleted successfully.

C:\Windows\Tasks\Fixila PC Optimizer_DEFAULT.job not found.

C:\Windows\Tasks\Fixila PC Optimizer_UPDATES.job => Moved successfully.

"C:\Program Files\Fixila PC Optimizer\FixilaPCOptimizer.exe" => File/Directory not found.

 

========================= Folder: C:\ProgramData\boost_interprocess ========================

 

2014-08-04 17:22 - 2014-08-04 17:22 - 0000000 ____D () C:\ProgramData\boost_interprocess\20140804172106.125597

2014-08-04 17:22 - 2014-08-04 17:26 - 1052736 ____T () C:\ProgramData\boost_interprocess\20140804172106.125597\GpReceiverName

 

====== End of Folder: ======

 

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

 

 

Fresh FRST Scan Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014

Ran by Tamra_2 (administrator) on FAMILY-PC on 06-08-2014 17:09:38

Running from C:\Users\Tamra_2\Desktop

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe

(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe

(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(i-Funbox.com) C:\Program Files\iFunbox 2014\iFunBox2014.exe

(Creative Home) C:\Program Files\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe

(Dropbox, Inc.) C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Windows\ehome\ehsched.exe

(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Microsoft Corporation) C:\Windows\System32\schtasks.exe

(Sun Microsystems, Inc.) C:\Windows\System32\jusched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

() C:\Program Files\Netgear\VISTA_GA311\GA311.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [EPSON NX100 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE /FU "C:\Windows\TEMP\E_S28E6.tmp" /EF "HKCU"

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [Spotify] => "C:\Users\Tamra_2\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [iFunBox Price Watch] => C:\Program Files\iFunbox 2014\iFunBox2014.exe [7748096 2013-11-26] (i-Funbox.com)

HKU\S-1-5-21-302356221-3822570288-777696681-1001\...\Run: [Driver Support] => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false

HKU\S-1-5-21-302356221-3822570288-777696681-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-302356221-3822570288-777696681-1004\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk

ShortcutTarget: Event Planner Reminder 2009.lnk -> C:\Windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Macrovision Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk

ShortcutTarget: GA311 Smart Wizard Utility.lnk -> C:\Program Files\Netgear\VISTA_GA311\G311.exe ()

Startup: C:\Users\Tad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Tamra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk

ShortcutTarget: GoZone iSync.lnk -> C:\Program Files\GoZone\GoZone_iSync.exe (No File)

Startup: C:\Users\Tamra_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Tamra_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

Startup: C:\Users\Tamra_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Trinity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tamra_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default

FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Tamra_2\Desktop\npAmazonMP3DownloaderPlugin.dll No File

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Extension: No Name - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\staged [2013-10-20]

FF Extension: No Name - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2011-12-20]

FF Extension: Firefox Old Version Update Hotfix - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2014-08-05]

FF Extension: Personas Plus - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\[email protected] [2011-04-09]

FF Extension: Microsoft .NET Framework Assistant - C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-06-27]

FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-01]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-05-22] (Symantec Corporation)

R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-05-22] (Symantec Corporation)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)

R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-09-23] (Motive Communications, Inc.) [File not signed]

R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1885488 2011-05-22] (Symantec Corporation)

S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [357704 2011-05-22] (Symantec Corporation)

R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1832072 2011-05-22] (Symantec Corporation)

S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2009-10-03] (Symantec Corporation)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-07-14] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-07-14] (Symantec Corporation)

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-11-25] (LeapFrog) [File not signed]

S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-08-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-08-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140806.002\NAVENG.SYS [93272 2014-07-14] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140806.002\NAVEX15.SYS [1612376 2014-07-14] (Symantec Corporation)

R3 NetgearGA311; C:\Windows\System32\DRIVERS\G311N6.sys [70144 2007-01-22] (Netgear Inc.)

R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [28160 2007-02-05] (Windows ® Codename Longhorn DDK provider)

S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [19744 2011-10-26] (Silicon Laboratories)

R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2011-05-22] (Symantec Corporation)

R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [283184 2011-05-22] (Symantec Corporation)

S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2011-05-22] (Symantec Corporation)

R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2011-05-22] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [125488 2011-05-22] (Symantec Corporation)

R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-10-03] (Symantec Corporation)

R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-10-03] (Symantec Corporation)

R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [67472 2011-05-22] (Symantec Corporation)

R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [43376 2011-05-22] (Symantec Corporation)

R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-10-02] (Symantec Corporation)

R3 xcbdaNtsc; C:\Windows\System32\DRIVERS\xcbda.sys [156928 2007-09-07] (ViXS Systems Inc.)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]

S3 RimUsb; System32\Drivers\RimUsb.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-06 17:09 - 2014-08-06 17:09 - 00019549 _____ () C:\Users\Tamra_2\Desktop\FRST.txt

2014-08-05 12:49 - 2014-08-05 12:52 - 00055199 _____ () C:\Users\Tamra_2\Downloads\Addition.txt

2014-08-05 12:47 - 2014-08-06 17:09 - 00000000 ____D () C:\FRST

2014-08-05 12:47 - 2014-08-05 12:52 - 00040106 _____ () C:\Users\Tamra_2\Downloads\FRST.txt

2014-08-05 12:46 - 2014-08-05 12:46 - 01084928 _____ (Farbar) C:\Users\Tamra_2\Desktop\FRST.exe

2014-08-05 10:49 - 2014-08-05 10:49 - 00230584 _____ () C:\Windows\Minidump\Mini080514-01.dmp

2014-08-05 09:55 - 2014-08-05 09:55 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-08-05 09:55 - 2014-08-05 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-08-05 09:54 - 2014-08-05 09:55 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-08-05 09:54 - 2014-08-05 09:55 - 00000000 ____D () C:\Program Files\iTunes

2014-08-05 09:54 - 2014-08-05 09:54 - 00000000 ____D () C:\Program Files\iPod

2014-08-04 21:54 - 2014-08-04 21:55 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-04 21:54 - 2014-08-04 21:54 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-04 21:54 - 2014-08-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-04 21:54 - 2014-08-04 21:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-04 21:54 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-04 21:54 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-04 20:38 - 2014-08-04 20:41 - 00000000 ____D () C:\AdwCleaner

2014-08-04 18:29 - 2014-08-04 18:29 - 00185648 ____H () C:\Windows\system32\mlfcache.dat

2014-08-04 18:29 - 2014-08-04 18:29 - 00001027 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2014-08-04 18:29 - 2014-08-04 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-08-04 18:29 - 2014-08-04 18:29 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-08-04 18:29 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

2014-08-04 17:35 - 2014-08-04 17:35 - 00000000 ____D () C:\Users\Tamra_2\AppData\Local\VS Revo Group

2014-08-04 17:35 - 2014-08-04 17:35 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-08-02 09:13 - 2014-08-02 09:13 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-08-01 18:47 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-08-01 18:46 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-01 18:46 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-01 18:46 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-01 18:46 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-01 18:46 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-01 18:46 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-01 18:46 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-01 18:46 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-01 18:46 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-01 18:46 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-01 18:46 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-01 18:46 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-01 18:46 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-01 18:46 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-01 18:46 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-01 18:46 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-01 18:46 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-01 18:46 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-01 18:46 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-01 18:46 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-01 18:46 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-01 18:46 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-01 18:46 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-08-01 18:46 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-08-01 18:46 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-08-01 18:46 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-08-01 18:46 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-08-01 16:52 - 2014-08-01 16:52 - 00000680 _____ () C:\Users\Tamra\AppData\Local\d3d9caps.dat

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-06 17:10 - 2014-08-06 17:09 - 00019549 _____ () C:\Users\Tamra_2\Desktop\FRST.txt

2014-08-06 17:09 - 2014-08-05 12:47 - 00000000 ____D () C:\FRST

2014-08-06 17:05 - 2012-04-10 20:02 - 00000000 ___RD () C:\Users\Tamra_2\Dropbox

2014-08-06 17:05 - 2012-04-10 20:01 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Dropbox

2014-08-06 17:04 - 2006-11-02 08:37 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-08-06 17:02 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-06 17:02 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-06 17:02 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-06 17:01 - 2013-08-25 18:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-08-06 17:01 - 2012-07-02 15:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-08-06 17:01 - 2008-08-19 20:27 - 00672462 _____ () C:\Windows\PFRO.log

2014-08-06 17:00 - 2008-01-16 13:53 - 01425825 _____ () C:\Windows\WindowsUpdate.log

2014-08-06 17:00 - 2006-11-02 09:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-06 16:46 - 2013-11-05 20:48 - 00002241 _____ () C:\Users\Tamra_2\Desktop\Safari.lnk

2014-08-06 16:46 - 2012-04-21 10:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-05 12:52 - 2014-08-05 12:49 - 00055199 _____ () C:\Users\Tamra_2\Downloads\Addition.txt

2014-08-05 12:52 - 2014-08-05 12:47 - 00040106 _____ () C:\Users\Tamra_2\Downloads\FRST.txt

2014-08-05 12:46 - 2014-08-05 12:46 - 01084928 _____ (Farbar) C:\Users\Tamra_2\Desktop\FRST.exe

2014-08-05 11:21 - 2008-08-20 09:56 - 00000000 ____D () C:\Users\Tamra_2

2014-08-05 11:16 - 2006-11-02 06:33 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-05 10:49 - 2014-08-05 10:49 - 00230584 _____ () C:\Windows\Minidump\Mini080514-01.dmp

2014-08-05 10:49 - 2013-05-15 21:26 - 247211178 _____ () C:\Windows\MEMORY.DMP

2014-08-05 10:49 - 2008-08-23 03:21 - 00000000 ____D () C:\Windows\Minidump

2014-08-05 09:55 - 2014-08-05 09:55 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-08-05 09:55 - 2014-08-05 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-08-05 09:55 - 2014-08-05 09:54 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-08-05 09:55 - 2014-08-05 09:54 - 00000000 ____D () C:\Program Files\iTunes

2014-08-05 09:54 - 2014-08-05 09:54 - 00000000 ____D () C:\Program Files\iPod

2014-08-05 09:54 - 2008-08-19 22:06 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-08-04 22:47 - 2014-04-10 13:29 - 00000000 ___HD () C:\Users\Tamra_2\AppData\Roaming\XKDDT

2014-08-04 22:38 - 2014-05-27 21:54 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Open Download Manager

2014-08-04 21:55 - 2014-08-04 21:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-04 21:54 - 2014-08-04 21:54 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-04 21:54 - 2014-08-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-04 21:54 - 2014-08-04 21:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-04 21:54 - 2011-02-25 17:29 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Malwarebytes

2014-08-04 21:54 - 2010-03-02 18:40 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-04 20:41 - 2014-08-04 20:38 - 00000000 ____D () C:\AdwCleaner

2014-08-04 18:59 - 2010-08-17 11:01 - 00002587 _____ () C:\Users\Tamra_2\Desktop\Microsoft Office Word 2007.lnk

2014-08-04 18:42 - 2012-07-07 22:55 - 00000000 ____D () C:\Users\Tamra_2\AppData\Local\Unity

2014-08-04 18:29 - 2014-08-04 18:29 - 00185648 ____H () C:\Windows\system32\mlfcache.dat

2014-08-04 18:29 - 2014-08-04 18:29 - 00001027 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2014-08-04 18:29 - 2014-08-04 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-08-04 18:29 - 2014-08-04 18:29 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-08-04 18:12 - 2009-09-26 10:14 - 00000000 ____D () C:\Program Files\Google

2014-08-04 18:11 - 2014-01-19 13:26 - 00000000 ____D () C:\Users\Tamra_2\AppData\Local\Google

2014-08-04 18:06 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-08-04 17:35 - 2014-08-04 17:35 - 00000000 ____D () C:\Users\Tamra_2\AppData\Local\VS Revo Group

2014-08-04 17:35 - 2014-08-04 17:35 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-08-04 17:22 - 2013-08-25 20:10 - 00000000 ____D () C:\ProgramData\boost_interprocess

2014-08-04 17:17 - 2014-04-06 18:13 - 00000000 ____D () C:\Program Files\Origin Games

2014-08-04 17:17 - 2010-06-20 09:57 - 00000000 ____D () C:\Program Files\TomTom HOME 2

2014-08-04 17:16 - 2007-01-01 10:46 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-08-04 17:15 - 2012-05-12 21:27 - 00000000 ____D () C:\Program Files\Electronic Arts

2014-08-04 17:02 - 2013-08-18 17:32 - 00000000 ____D () C:\Program Files\EA GAMES

2014-08-04 16:50 - 2014-04-27 14:53 - 00000000 ____D () C:\Program Files\Paint.NET

2014-08-04 16:48 - 2014-04-06 18:10 - 00000000 ____D () C:\ProgramData\Origin

2014-08-04 16:38 - 2014-03-17 16:42 - 00000000 ____D () C:\Program Files\MSI Afterburner

2014-08-04 16:26 - 2014-04-04 17:39 - 00000000 ____D () C:\Program Files\Gameiki

2014-08-02 09:24 - 2006-11-02 08:47 - 00402568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-02 09:22 - 2009-05-29 20:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-08-02 09:20 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal

2014-08-02 09:17 - 2008-08-22 19:24 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-02 09:13 - 2014-08-02 09:13 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-08-02 09:08 - 2010-06-04 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-08-01 21:27 - 2014-03-31 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon

2014-08-01 21:27 - 2014-03-09 12:05 - 00000000 ____D () C:\Program Files\iFunbox 2014

2014-08-01 21:27 - 2013-08-23 19:11 - 00000000 ____D () C:\Program Files\iExplorer

2014-08-01 21:27 - 2009-11-21 10:33 - 00000000 ____D () C:\Users\Guest

2014-08-01 21:27 - 2008-08-29 15:41 - 00000000 ____D () C:\Users\Trinity

2014-08-01 21:27 - 2008-08-20 16:38 - 00000000 ____D () C:\Users\Tad

2014-08-01 21:27 - 2008-08-19 20:32 - 00000000 ____D () C:\Users\Tamra

2014-08-01 21:27 - 2007-01-01 11:01 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows

2014-08-01 21:27 - 2007-01-01 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools

2014-08-01 21:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool

2014-08-01 21:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc

2014-08-01 21:27 - 2006-11-02 06:22 - 58458112 _____ () C:\Windows\system32\config\software_previous

2014-08-01 21:26 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration

2014-08-01 21:24 - 2014-04-22 16:32 - 00000000 ____D () C:\Users\Tamra_2\AppData\Local\PC_Drivers_Headquarters

2014-08-01 21:24 - 2014-04-22 16:32 - 00000000 ____D () C:\ProgramData\Driver Support

2014-08-01 21:21 - 2014-03-31 21:10 - 00000000 ____D () C:\Program Files\Daring Development

2014-08-01 21:20 - 2006-11-02 06:22 - 29097984 _____ () C:\Windows\system32\config\system_previous

2014-08-01 21:04 - 2006-11-02 06:22 - 50593792 _____ () C:\Windows\system32\config\components_previous

2014-08-01 21:04 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous

2014-08-01 19:25 - 2012-04-21 10:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-08-01 19:25 - 2011-05-28 10:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-08-01 18:04 - 2014-04-03 10:15 - 00000000 ____D () C:\Program Files\Common Files\Steam

2014-08-01 17:46 - 2012-04-10 20:02 - 00000968 _____ () C:\Users\Tamra_2\Desktop\Dropbox.lnk

2014-08-01 17:46 - 2012-04-10 20:02 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-01 17:43 - 2014-06-09 19:35 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\Origin

2014-08-01 17:42 - 2011-07-05 21:13 - 00000000 ____D () C:\Users\Tamra_2\AppData\Roaming\HpUpdate

2014-08-01 16:52 - 2014-08-01 16:52 - 00000680 _____ () C:\Users\Tamra\AppData\Local\d3d9caps.dat

2014-08-01 16:52 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\default_previous

2014-08-01 16:48 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous

 

Some content of TEMP:

====================

C:\Users\Tamra_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkjfzaa.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-06 17:09

 

==================== End Of Log ============================

 

The system seems to be running faster now. I had an extreme issue with insane popups when using Firefox and that seems to be fixed now. There is another program that is on here that may be another potential problem (it's called Horizon). I'm not sure what this program is or what it's for (my daughter has been downloading stuff on here to play Minecraft. She is no longer allowed on the PC  ). I can't tell that it is causing any issues like the Fixila was but it won't let me uninstall it via the Windows Uninstaller. Other than that, everything seems to be OK. I really appreciate all of your help with this. I'm glad I found this forum, because I have been dealing with this messy system since April 

[dbreeze]

I'm glad the system is coming back under your control; there are still some more steps to totally clean the system. 
 
Horizon (from what I'm finding) looks like a game mod program.  Let's see what else we can find about the program.
 
 

Search Files with FRST

• Right click on FRST.exe on your desktop and select "Run as Administrator".
• Type Horizon;Daring Development into the Search box and click on Search Files button.
• FRST will scan your files on your system and list any matching the names in a log file.
• Please copy and paste that log file text in a reply post.

 

 

Run a AdwCleaner scan-only
 
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
• Click the Report button to get the log.
• Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
• Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

Things to reply back with:

• The FRST search log text.
• AdwCleaner scan log text.
• Anything else on the system / concerns you have?

[tamra521]

Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by Tamra_2 at 2014-08-06 21:25:37
Running from C:\Users\Tamra_2\Desktop
Boot Mode: Normal

================== Search: "Horizon;Daring Development" ===================

=== End Of Search ===

 

 

 

 

# AdwCleaner v3.303 - Report created 06/08/2014 at 21:58:30
# Updated 06/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Tamra_2 - FAMILY-PC
# Running from : C:\Users\Tamra_2\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ew0bij27.default\prefs.js ]


[ File : C:\Users\Tad\AppData\Roaming\Mozilla\Firefox\Profiles\g4vs50pe.default\prefs.js ]


[ File : C:\Users\Tamra\AppData\Roaming\Mozilla\Firefox\Profiles\lc0isb8l.default\prefs.js ]


[ File : C:\Users\Tamra_2\AppData\Roaming\Mozilla\Firefox\Profiles\mlf7pam6.default\prefs.js ]

Line Found : user_pref("extensions.5UMrX6OJnP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Found : user_pref("extensions.G2id26g.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Found : user_pref("extensions.a9ihzomk.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Found : user_pref("extensions.iUv8u7YCWjHw.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Line Found : user_pref("extensions.jWKAo.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]

[ File : C:\Users\Trinity\AppData\Roaming\Mozilla\Firefox\Profiles\um33vgw6.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [54250 octets] - [04/08/2014 20:38:18]
AdwCleaner[R1].txt - [2519 octets] - [06/08/2014 21:30:48]
AdwCleaner[R2].txt - [2378 octets] - [06/08/2014 21:58:30]
AdwCleaner[S0].txt - [53648 octets] - [04/08/2014 20:40:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2499 octets] ##########
 

 

 

 

Only other things I'm seeing in the Windows Uninstaller that concern me are the following (these may or may not still be on the system, but they're showing up... so just in case..). I can't perform an uninstall on them.

 

Horizon (already mentioned)

iFunBox 2014

Fixila PC Optimizer (which I think is already taken care of, but it's still showing in the uninstaller)

Open Downloader Manager

PriincaeCoupon

saviNgtoyou

Terraria (which I know is a game, but I can't remove it)

 

There may also be a ton of program files for mods that were downloaded that I can't see. I know my kids had downloaded a ton of those but I think they tried to hide them from me by moving them to the recycling bin and then emptying it.

[dbreeze]

FRST says the Horizon program is not located in the usual loaction(s) if it is located on the system at all.
 
Let's try to clear some of these programs manually.
 
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Fixila PC Optimizer
Horizon v2.7.8.0
iFunBox 2014 (v3.1.562.425)
Open Downloader Manager
PriincaeCoupon
saviNgtoyou
Terraria
WeatherBug Gadget

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.  

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

 

Note: Please use the Windows Uninstall API, not Revo Uninstaller to do these.  Also, some (if not most of these) will hopefully say that the program is not installed and do you just want to remove it from the list.  If this happens please answer 'Yes'.

 

Please keep a record of which ones uninstall, just unload from the list or do nothing.  Let us know the results when this is done.

[tamra521]

Open Download Manager uninstalled
Horizon and iFunBox both received errors when trying to uninstall, saying a file was missing and the uninstall couldn't complete.

Everything else I was able to just remove from the list.

 

I tried to screenshot the errors to attach them to this post but the PC suddenly froze up on me, the screen had all kinds of purple lines on it and now I can't get it to restart Windows... it wants to repair Windows or start it normally. When I try to start normally it boots up to a frozen screen with purple lines and when I try to run the repair it does the same thing when it's done. I'm reallly thinking my hard drive may be going bad
 

So at this time it doesn't look like I can keep going with the cleanup if I can't get it to boot up normally    Thoughts?

[dbreeze]

Wow, sorry about the troubles; we will see what we can do to help.

 

Can you tell me if this is the screen you are seeing when you boot the computer?

 

 

You are seeing this one (with just two choices) not the Advanced Boot Options (see below)?

 

 

Also, can you tell me (or refresh my memory) what your computer system is?  (Make, model, desktop / laptop, etc.)  This will help me in getting directions to possibly change some boot options, if we need to.

Do you have access to another system and does it have a CD burner? 

Do you have a USB stick / drive that can be used to transfer files?

[tamra521]

The first screenshot is what I'm seeing. The Windows Error Recovery screen.

The PC is an HP Pavilion Media Center m8330f running Vista (32 bit). It's a desktop.

I do have a laptop. It has a writable DVR drive as far as I know. I've never used it though :/

I do have a 32GB USB drive. And a 1TB external hard drive if needed.

[dbreeze]

Thanks for the quick reply.  I will research the best options to get you back running and return as soon as possible.  It would be best to have a blank writable DVD / CD (or at least two) handy for burning a boot-able disk to.

[dbreeze]

Just to let you know, tamra521, that I have not forgotten about you or your problem.

 

I have a solution / plan to get some information from your system and get it running again but I need it approved before I send it to you.  It should be to you in the morning; I have run this procedure myself and it is perfectly safe and easy to use.