Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Chrome - No Chrome Installed [Closed]

Too many Chrome Processes

  • This topic is locked This topic is locked

#1
Gene R

Gene R

    Member

  • Member
  • PipPipPip
  • 123 posts

I posted in the Browser forum but my problem is just like the one in this formum 'Browser.exe *32 "Google Chrome" Virus (No Chrome Installed)

 

My post link is: http://www.geekstogo...ses-start-back/

 

As mentioned above, the Browser.exe topic below sounds just like the problem I am having. There are 6 'Google Chrome' processes running (viewed in Task Manager) and it slows the machine down. The laptop is a Toshiba Satelite P870 64 bit Windows 8.1. It says 64-bit OS, x64 based processor

 

All processes are launched from: deborah\appdata\local\gcc\chrome.bin\chrome.exe

 

Please help! It is the wife's laptop and I catch [bleep] everytime she tries to use it....
 


  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I'd be happy to take a look.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performaning any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.

IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 


- Finally Before We Start-

 

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Fresh Set of Logs Needed
Let's begin. Please follow the steps below.
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.

    Only one of them will run on your system, that will be the right version.

2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.

3. Press Scan button.

4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop)

5. Please copy and paste log back here.

6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 

 

 

Items for your next post

1. Contents of the FRST log.

2. Contents of the Addition log.


  • 0

#3
Gene R

Gene R

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts

Thanks for the quick response. The two logs are pasted below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by deborah (administrator) on GANDALF on 23-08-2014 14:12:00
Running from C:\Users\deborah\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\deborah\AppData\Local\GCC\Controller.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
() C:\Users\deborah\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
() C:\Users\deborah\AppData\Local\GCC\Controller.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\Run: [WindowexeAllkiller] => C:\Program Files (x86)\WindowexeAllkiller.exe [573968 2014-03-29] (WindowexeAllkiller.com)
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\Run: [Amazon Music] => C:\Users\deborah\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\MountPoints2: {0d21091d-f03d-11e3-bef6-008cfa496f55} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk *  BootDefrag.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKLM - DefaultScope {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKCU - DefaultScope {63B4B556-7DE3-4005-A188-F0D4FC1D7016} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKCU - {1F8B8190-6DD0-4CC0-B9D9-F26653154503} URL = http://www.search.as...archTerms}&psv=
SearchScopes: HKCU - {63B4B556-7DE3-4005-A188-F0D4FC1D7016} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {A00B6214-B063-409E-A5FE-6BEF8FC4E22C} URL = http://websearch.sho...q={searchTerms}
SearchScopes: HKCU - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-08-18]
 
Chrome: 
=======
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Docs) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-20]
CHR Extension: (Google Drive) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-20]
CHR Extension: (YouTube) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-20]
CHR Extension: (Google Search) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-20]
CHR Extension: (Norton Security Toolbar) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-20]
CHR Extension: (Google Wallet) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-20]
CHR Extension: (Gmail) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-20]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-08-20] (IObit)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
U2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2014-08-20] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
S4 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2013-08-19] () [File not signed]
S2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-07-23] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-13] (Symantec Corporation)
R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2012-06-19] (Windows ® Win 7 DDK provider)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20140822.001\IDSvia64.sys [525016 2014-08-18] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140822.009\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140822.009\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [32256 2012-06-19] (Nuvoton Technology Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2014-07-23] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1505000.013\SymELAM.sys [23568 2014-07-23] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-17] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2014-07-23] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 14:12 - 2014-08-23 14:12 - 00020294 _____ () C:\Users\deborah\Desktop\FRST.txt
2014-08-23 14:11 - 2014-08-23 14:12 - 00000000 ____D () C:\FRST
2014-08-23 14:11 - 2014-08-23 13:05 - 02103296 _____ (Farbar) C:\Users\deborah\Desktop\FRST64.exe
2014-08-20 17:26 - 2014-08-20 17:43 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-08-20 17:26 - 2014-08-20 17:26 - 01038656 _____ (SlimWare Utilities, Inc.) C:\Users\deborah\Downloads\SlimCleaner-setup.exe
2014-08-20 17:26 - 2014-08-20 17:26 - 00003016 _____ () C:\WINDOWS\System32\Tasks\SlimCleaner Run
2014-08-20 17:26 - 2014-08-20 17:26 - 00002483 _____ () C:\Users\Public\Desktop\SlimCleaner.lnk
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\Users\deborah\AppData\Local\SlimWare Utilities Inc
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
2014-08-20 16:25 - 2014-08-20 16:25 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\ProductData
2014-08-20 16:24 - 2014-08-20 16:57 - 00000298 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-20 16:24 - 2014-08-20 16:24 - 00002402 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-08-20 16:24 - 2014-08-20 16:24 - 00001239 _____ () C:\Users\deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-08-20 16:24 - 2014-08-20 16:24 - 00001215 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-08-20 16:23 - 2014-08-23 14:11 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-20 16:23 - 2014-08-20 16:32 - 00000000 ____D () C:\ProgramData\IObit
2014-08-20 16:23 - 2014-08-20 16:24 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-20 16:23 - 2014-08-20 16:23 - 12906784 _____ (IObit) C:\Users\deborah\Downloads\iobituninstaller.exe
2014-08-20 16:23 - 2014-08-20 16:23 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\IObit
2014-08-20 15:41 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-08-20 15:40 - 2014-08-20 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-20 15:40 - 2014-08-20 15:40 - 00004162 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-20 15:40 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-08-20 15:40 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-08-20 15:40 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-08-20 15:32 - 2014-08-20 15:32 - 00003102 _____ () C:\WINDOWS\System32\Tasks\{F816F3E6-7C48-414B-BE84-A86671FF6260}
2014-08-19 15:21 - 2014-08-23 14:10 - 00001592 _____ () C:\WINDOWS\setupact.log
2014-08-19 15:21 - 2014-08-19 15:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-18 21:11 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-18 21:11 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-18 21:10 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-18 21:08 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-18 21:01 - 2014-08-18 21:01 - 00001191 _____ () C:\Users\deborah\Desktop\Amazon Music.lnk
2014-08-18 20:53 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-18 20:53 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-18 20:53 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-18 20:53 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-18 20:47 - 2014-08-18 20:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-08-18 19:17 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-18 19:17 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-18 19:17 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-18 19:17 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-18 19:17 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-18 19:17 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-18 19:17 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-18 19:17 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-18 19:17 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-18 19:17 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-18 19:17 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-18 19:17 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-18 19:17 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-18 19:17 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-18 19:17 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-18 19:17 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-18 19:17 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-18 19:17 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-18 19:17 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-18 19:17 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 19:17 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-18 19:17 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-18 19:17 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-18 19:17 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-18 19:17 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-18 19:17 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-18 19:17 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-18 19:17 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-18 19:17 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-18 19:17 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-18 19:17 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-18 19:17 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-18 19:17 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-18 19:17 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-18 19:17 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-18 19:10 - 2014-08-18 19:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-17 14:24 - 2014-08-18 19:10 - 00002492 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-17 14:10 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-17 14:10 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-17 14:10 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-17 14:10 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-17 14:10 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-17 14:10 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-17 14:10 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-17 14:08 - 2014-08-17 14:08 - 00001766 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-17 14:08 - 2014-08-17 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-17 14:07 - 2014-08-17 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-17 14:07 - 2014-08-17 14:08 - 00000000 ____D () C:\Program Files\iTunes
2014-08-17 14:07 - 2014-08-17 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 14:07 - 2014-08-17 14:07 - 00000000 ____D () C:\Program Files\iPod
2014-08-03 08:54 - 2014-08-01 20:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-03 08:54 - 2014-08-01 20:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-28 23:09 - 2014-07-28 23:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-28 23:07 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 14:12 - 2014-08-23 14:12 - 00020294 _____ () C:\Users\deborah\Desktop\FRST.txt
2014-08-23 14:12 - 2014-08-23 14:11 - 00000000 ____D () C:\FRST
2014-08-23 14:11 - 2014-08-20 16:23 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-23 14:10 - 2014-08-19 15:21 - 00001592 _____ () C:\WINDOWS\setupact.log
2014-08-23 14:09 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-23 13:05 - 2014-08-23 14:11 - 02103296 _____ (Farbar) C:\Users\deborah\Desktop\FRST64.exe
2014-08-23 09:56 - 2014-06-10 20:04 - 01668751 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-23 09:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-21 14:04 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-21 14:00 - 2014-01-22 00:43 - 00000000 ____D () C:\Users\deborah
2014-08-21 11:02 - 2013-05-20 10:29 - 00000000 ____D () C:\Program Files (x86)\PC Checkup
2014-08-21 10:54 - 2014-01-22 22:08 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1C695C66-0EB1-43CA-824F-F90F63183F20}
2014-08-20 19:52 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-20 18:11 - 2014-03-29 23:46 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893006055-2477717136-3138752447-1002
2014-08-20 18:03 - 2013-05-07 18:48 - 00000000 ____D () C:\Users\deborah\AppData\Local\CrashDumps
2014-08-20 17:43 - 2014-08-20 17:26 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-08-20 17:28 - 2014-01-22 03:34 - 00000000 ___DC () C:\WINDOWS\Panther
2014-08-20 17:26 - 2014-08-20 17:26 - 01038656 _____ (SlimWare Utilities, Inc.) C:\Users\deborah\Downloads\SlimCleaner-setup.exe
2014-08-20 17:26 - 2014-08-20 17:26 - 00003016 _____ () C:\WINDOWS\System32\Tasks\SlimCleaner Run
2014-08-20 17:26 - 2014-08-20 17:26 - 00002483 _____ () C:\Users\Public\Desktop\SlimCleaner.lnk
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\Users\deborah\AppData\Local\SlimWare Utilities Inc
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
2014-08-20 16:58 - 2014-07-22 09:25 - 00004086 _____ () C:\WINDOWS\PFRO.log
2014-08-20 16:57 - 2014-08-20 16:24 - 00000298 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-20 16:56 - 2014-03-30 12:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-20 16:54 - 2014-03-30 12:43 - 00000000 ____D () C:\Users\deborah\AppData\Local\Deployment
2014-08-20 16:54 - 2014-03-23 12:23 - 00000000 ____D () C:\Users\deborah\AppData\Local\Google
2014-08-20 16:32 - 2014-08-20 16:23 - 00000000 ____D () C:\ProgramData\IObit
2014-08-20 16:25 - 2014-08-20 16:25 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\ProductData
2014-08-20 16:24 - 2014-08-20 16:24 - 00002402 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-08-20 16:24 - 2014-08-20 16:24 - 00001239 _____ () C:\Users\deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-08-20 16:24 - 2014-08-20 16:24 - 00001215 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-08-20 16:24 - 2014-08-20 16:23 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-20 16:23 - 2014-08-20 16:23 - 12906784 _____ (IObit) C:\Users\deborah\Downloads\iobituninstaller.exe
2014-08-20 16:23 - 2014-08-20 16:23 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\IObit
2014-08-20 16:18 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-20 16:17 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-20 15:42 - 2013-10-25 20:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-20 15:41 - 2014-08-20 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-20 15:40 - 2014-08-20 15:40 - 00004162 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-20 15:40 - 2013-07-07 12:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-20 15:32 - 2014-08-20 15:32 - 00003102 _____ () C:\WINDOWS\System32\Tasks\{F816F3E6-7C48-414B-BE84-A86671FF6260}
2014-08-19 20:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-19 15:27 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-19 15:24 - 2013-11-14 03:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-19 15:21 - 2014-08-19 15:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-19 09:51 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-18 21:01 - 2014-08-18 21:01 - 00001191 _____ () C:\Users\deborah\Desktop\Amazon Music.lnk
2014-08-18 20:47 - 2014-08-18 20:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-08-18 20:34 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-08-18 19:13 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-18 19:10 - 2014-08-18 19:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-18 19:10 - 2014-08-17 14:24 - 00002492 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-18 19:10 - 2013-04-27 08:39 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-08-18 19:10 - 2013-04-27 08:38 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-08-17 14:24 - 2013-04-27 08:39 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-08-17 14:24 - 2013-04-27 08:39 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-08-17 14:24 - 2012-12-03 02:27 - 00000000 ____D () C:\ProgramData\Norton
2014-08-17 14:19 - 2013-04-27 08:38 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-17 14:14 - 2013-06-10 21:19 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-08-17 14:08 - 2014-08-17 14:08 - 00001766 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-17 14:08 - 2014-08-17 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-17 14:08 - 2014-08-17 14:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-17 14:08 - 2014-08-17 14:07 - 00000000 ____D () C:\Program Files\iTunes
2014-08-17 14:08 - 2014-08-17 14:07 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 14:07 - 2014-08-17 14:07 - 00000000 ____D () C:\Program Files\iPod
2014-08-17 13:42 - 2013-05-06 20:55 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\HpUpdate
2014-08-17 13:40 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-17 13:40 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-12 21:23 - 2014-03-23 11:10 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\DiskDefrag
2014-08-07 20:50 - 2013-05-06 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-07 20:50 - 2013-05-06 20:52 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-03 08:53 - 2013-08-22 10:44 - 00335840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-01 20:17 - 2014-08-03 08:54 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-01 20:17 - 2014-08-03 08:54 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-28 23:09 - 2014-07-28 23:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-28 23:09 - 2013-11-14 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-28 23:09 - 2013-09-02 11:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-28 23:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-28 23:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-28 23:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-28 23:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-28 23:08 - 2013-05-13 20:04 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-25 12:55 - 2014-08-20 15:40 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-20 15:41 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-20 15:40 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-20 15:40 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-25 10:52 - 2014-08-18 19:17 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-25 09:51 - 2014-08-18 19:17 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-25 09:28 - 2014-08-18 19:17 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-07-25 09:25 - 2014-08-18 19:17 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-18 19:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-07-25 08:59 - 2014-08-18 19:17 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-07-25 08:40 - 2014-08-18 19:17 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-18 19:17 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-07-25 08:30 - 2014-08-18 19:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-18 19:17 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-18 19:17 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-18 19:17 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-25 08:17 - 2014-08-18 19:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-25 08:10 - 2014-08-18 19:17 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-25 08:08 - 2014-08-18 19:17 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-18 19:17 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-18 19:17 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-18 19:17 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-18 19:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-25 07:43 - 2014-08-18 19:17 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-18 19:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-18 19:17 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-25 07:34 - 2014-08-18 19:17 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-18 19:17 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-18 19:17 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-18 19:17 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-25 07:09 - 2014-08-18 19:17 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-25 07:07 - 2014-08-18 19:17 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-25 07:03 - 2014-08-18 19:17 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-18 19:17 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-25 06:26 - 2014-08-18 19:17 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-18 19:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-18 19:17 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-18 19:17 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-18 19:17 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
 
Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\CreateToastShortcut.exe
C:\Users\ADMINI~1\AppData\Local\Temp\CreateToastShortcutDll.dll
C:\Users\ADMINI~1\AppData\Local\Temp\StartMenu.exe
C:\Users\ADMINI~1\AppData\Local\Temp\TosNoRestart.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\Sys
 
WOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-21 14:15
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
Ran by deborah at 2014-08-23 14:13:08
Running from C:\Users\deborah\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4380 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
C4380_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.5617 - CyberLink Corp.)
CyberLink MediaShow 6 (x32 Version: 6.0.5617 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Nuvoton CIR Device Drivers (HKLM-x32\...\{096C6EA4-738C-4A01-BB98-45B93B6B9B34}) (Version: 8.60.5001 - Nuvoton Technology Corporation)
NVIDIA Control Panel 305.46 (Version: 305.46 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SRS Premium Sound Control Panel (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 1.0.5.175  - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.1.0001 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0002.64002 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.9 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
20-08-2014 19:39:33 Installed Java 7 Update 67
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2014-03-29 23:05 - 00000748 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0967956F-5097-48EE-9D2D-F725206FA7DA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11EA07D6-F037-46D4-ABD5-A6E9C3E8D781} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {14C8A61C-9CE6-49FC-844B-D484C67EFE98} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {28FE4AC8-2087-476C-85E3-7CA2AAB6ACCA} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {321FE431-E1A7-4646-B1FB-D0996EEE3F37} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37E7DCAF-2271-4841-BAA0-B9D1A39F3467} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3FCC461B-6D62-429A-AD3B-037F9CBA3151} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4F34613C-C45E-4BB9-8DC2-DFC7FE2E3436} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {5CA9E9F6-5403-466E-A948-BC3296E4A1B2} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {70235E2F-5CC9-47E0-9E6A-8569BBAC50B2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-28] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {748F4613-EB8D-494F-AEA5-ED14C6C820B8} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-20] (IObit)
Task: {773E584D-5585-4AF1-924E-7B609F305E85} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7FCF2A6F-0DEE-4757-B06F-BB65701D9410} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88AB4FDE-F3AC-44C1-B897-1DE83A03C99D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9A47ADD3-C73D-4A56-A0FA-F4A9A0F4732D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {9B0D6FBA-6692-499A-82D5-0851B3739840} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BD773C4B-5497-446C-BF3A-AA663D8A284B} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2014-08-20] (Symantec Corporation)
Task: {C08FCA58-D34C-42B1-8159-21EECD93538B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {C353514F-B394-481D-AE4F-09DB46102D50} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CD98365A-9D54-43E5-9CAB-A5BECD32C3D2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CEB273B7-E5F5-40D3-BB2C-62EC9857264F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D5EBD683-99DC-4008-AB96-2EBF4C694D64} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E17490A9-F2A1-484A-9450-8B69C9D7E772} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-23 13:33 - 2013-12-23 13:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-22 08:45 - 2014-03-22 08:45 - 00493568 _____ () C:\Users\deborah\AppData\Local\GCC\Controller.exe
2013-11-04 20:22 - 2013-11-04 20:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-04 18:01 - 2012-08-04 18:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 15:24 - 2013-08-01 15:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2014-08-18 21:00 - 2014-07-22 16:46 - 03356480 _____ () C:\Users\deborah\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: SMITS => 2
HKCU\...\StartupApproved\Run: => "WindowexeAllkiller"
HKCU\...\StartupApproved\Run: => "GUDelayStartup"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/23/2014 09:04:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (08/20/2014 06:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TCrdMain_Win8.exe, version: 2.0.17.64, time stamp: 0x520f4add
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000374
Fault offset: 0x00000000000f8c9c
Faulting process id: 0x11dc
Faulting application start time: 0xTCrdMain_Win8.exe0
Faulting application path: TCrdMain_Win8.exe1
Faulting module path: TCrdMain_Win8.exe2
Report Id: TCrdMain_Win8.exe3
Faulting package full name: TCrdMain_Win8.exe4
Faulting package-relative application ID: TCrdMain_Win8.exe5
 
Error: (08/20/2014 05:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TCrdMain_Win8.exe, version: 2.0.17.64, time stamp: 0x520f4add
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000374
Fault offset: 0x00000000000f8c9c
Faulting process id: 0x8d4
Faulting application start time: 0xTCrdMain_Win8.exe0
Faulting application path: TCrdMain_Win8.exe1
Faulting module path: TCrdMain_Win8.exe2
Report Id: TCrdMain_Win8.exe3
Faulting package full name: TCrdMain_Win8.exe4
Faulting package-relative application ID: TCrdMain_Win8.exe5
 
Error: (08/20/2014 04:29:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1254
 
Start Time: 01cfbcb555fd39fe
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 9f6668aa-28a8-11e4-bf23-008cfa496f55
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 512: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 520: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 576: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
 
System errors:
=============
Error: (08/23/2014 02:11:43 PM) (Source: DCOM) (EventID: 10016) (User: gandalf)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}gandalfdeborahS-1-5-21-893006055-2477717136-3138752447-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/23/2014 08:47:10 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 08:47:10 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 08:47:10 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 08:47:10 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 08:47:10 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 08:47:10 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 08:46:16 AM) (Source: DCOM) (EventID: 10016) (User: gandalf)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}gandalfdeborahS-1-5-21-893006055-2477717136-3138752447-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/23/2014 08:44:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IDSVia64 service failed to start due to the following error: 
%%2
 
Error: (08/23/2014 08:41:41 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
 
Microsoft Office Sessions:
=========================
Error: (08/23/2014 09:04:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (08/20/2014 06:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TCrdMain_Win8.exe2.0.17.64520f4addntdll.dll6.3.9600.17031530895afc000037400000000000f8c9c11dc01cfbcc25729aee9C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exeC:\WINDOWS\SYSTEM32\ntdll.dlld2e498dd-28b5-11e4-bf25-008cfa496f55
 
Error: (08/20/2014 05:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TCrdMain_Win8.exe2.0.17.64520f4addntdll.dll6.3.9600.17031530895afc000037400000000000f8c9c8d401cfbcc021233172C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exeC:\WINDOWS\SYSTEM32\ntdll.dll63cbe1ca-28b3-11e4-bf24-008cfa496f55
 
Error: (08/20/2014 04:29:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17239125401cfbcb555fd39fe0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE9f6668aa-28a8-11e4-bf23-008cfa496f55
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 512: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 520: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 576: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-26 22:21:53.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:52.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:52.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:52.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:52.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:52.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:50.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:46.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:46.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:46.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 8076.22 MB
Available physical RAM: 6389.4 MB
Total Pagefile: 9356.22 MB
Available Pagefile: 7728.45 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (TI10658600D) (Fixed) (Total:685.52 GB) (Free:645.2 GB) NTFS
Drive e: () (Removable) (Total:7.44 GB) (Free:4.74 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
==================== End Of Log ============================

  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I've reviewed the logs. Please follow the instructions below.

 

Step#1 - FRST Fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   871bytes   121 downloads 
    NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).

2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#2 - Uninstalls

I see that you have IObit Uninstaller installed on your machine. I would like to recommend that you uninstall this program as we don't feel it's a good product. An alternative is Revo Uninstaller.

 

Step#3 - Adware Scan
 
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-Click on AdwCleaner.exe and select Run as administrator to run the tool. Click Yes if asked to allow the program from an unknown publisher.
4. Click I Agree on the Terms of Use screen.
5. Click on Scan.
6. After the scan is complete click on "Clean"
7. Confirm each time with Ok on the messages that follow.
8. Your computer will be rebooted automatically. A text file will open after the restart.
9. Please post the content of that logfile with your next answer.
10. You can find the logfile at C:\AdwCleaner[S0].txt as well.

 

 

Step#4 - CCleaner Warning

I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

 

 

Step#5 - Fresh Set of Logs

 

1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.

2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.

3. Press Scan button.

4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)

5. Please copy and paste log back here.

6. Because you select the Addition.txt check this log will be created as well. Please copy and paste this log as well.

 

 

 

Items for your next post

1. Contents of the fix log

2. Contents of the AdwCleaner log

3. New FRST and Addition logs


  • 0

#5
Gene R

Gene R

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts

I've started the 'fixes' and when I start the run of FBST and clicked the 'Fix' button, at the top it says 'Not Responding'. Do I need to end the task and start it over or is it actually running in the background?

The 'spinning' beach ball is running...

I ended the process, restarted the laptop and FRST|Fix ran satisfactory

 

Here are the logs:

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2014
Ran by deborah at 2014-08-24 11:42:51 Run:1
Running from C:\Users\deborah\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
() C:\Users\deborah\AppData\Local\GCC\Controller.exe
C:\Users\deborah\AppData\Local\GCC
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\Run: [WindowexeAllkiller] => C:\Program Files (x86)\WindowexeAllkiller.exe [573968 2014-03-29] (WindowexeAllkiller.com)
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
Task: {28FE4AC8-2087-476C-85E3-7CA2AAB6ACCA} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {5CA9E9F6-5403-466E-A948-BC3296E4A1B2} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {E17490A9-F2A1-484A-9450-8B69C9D7E772} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
EmptyTemp:
 
*****************
 
[2012] C:\Users\deborah\AppData\Local\GCC\Controller.exe => Process closed successfully.
C:\Users\deborah\AppData\Local\GCC => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\Software\Microsoft\Windows\CurrentVersion\Run\\WindowexeAllkiller => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28FE4AC8-2087-476C-85E3-7CA2AAB6ACCA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28FE4AC8-2087-476C-85E3-7CA2AAB6ACCA}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\UP_Scheduler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CA9E9F6-5403-466E-A948-BC3296E4A1B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CA9E9F6-5403-466E-A948-BC3296E4A1B2}" => Key deleted successfully.
C:\Windows\System32\Tasks\GC_Scheduler => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E17490A9-F2A1-484A-9450-8B69C9D7E772}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E17490A9-F2A1-484A-9450-8B69C9D7E772}" => Key deleted successfully.
C:\Windows\System32\Tasks\GC_Informer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Informer" => Key deleted successfully.
EmptyTemp: => Removed 994.3 MB temporary data.
 
 
The system needed a reboot. 
 

==== End of Fixlog ====

 

AdwCleaner Log:

 

# AdwCleaner v3.308 - Report created 24/08/2014 at 12:00:27
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : deborah - GANDALF
# Running from : C:\Users\deborah\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\deborah\Favorites\StumbleUpon
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\deborah\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\deborah\Documents\Optimizer Pro
Folder Deleted : C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\END
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Google Chrome v
 
[ File : C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
 
*************************
 
AdwCleaner[R0].txt - [2406 octets] - [24/08/2014 11:57:12]
AdwCleaner[S0].txt - [2194 octets] - [24/08/2014 12:00:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2254 octets] ##########
 
FRSTLog:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by deborah (administrator) on GANDALF on 24-08-2014 12:03:46
Running from C:\Users\deborah\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
() C:\Users\deborah\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\Run: [Amazon Music] => C:\Users\deborah\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\MountPoints2: {0d21091d-f03d-11e3-bef6-008cfa496f55} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk *  BootDefrag.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
SearchScopes: HKLM - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKCU - {1F8B8190-6DD0-4CC0-B9D9-F26653154503} URL = http://www.search.as...archTerms}&psv=
SearchScopes: HKCU - {63B4B556-7DE3-4005-A188-F0D4FC1D7016} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {A00B6214-B063-409E-A5FE-6BEF8FC4E22C} URL = http://websearch.sho...q={searchTerms}
SearchScopes: HKCU - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-08-18]
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Docs) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-20]
CHR Extension: (Google Drive) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-20]
CHR Extension: (YouTube) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-20]
CHR Extension: (Google Search) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-20]
CHR Extension: (No Name) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-20]
CHR Extension: (Google Wallet) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-20]
CHR Extension: (Gmail) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-08-20] (IObit)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2014-08-20] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
S4 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2013-08-19] () [File not signed]
S2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-07-23] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-13] (Symantec Corporation)
R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2012-06-19] (Windows ® Win 7 DDK provider)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20140822.001\IDSvia64.sys [525016 2014-08-18] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140823.001\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140823.001\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [32256 2012-06-19] (Nuvoton Technology Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2014-07-23] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1505000.013\SymELAM.sys [23568 2014-07-23] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-17] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2014-07-23] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 11:57 - 2014-08-24 12:00 - 00000000 ____D () C:\AdwCleaner
2014-08-24 11:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-24 11:47 - 2014-08-24 11:47 - 00001251 _____ () C:\Users\deborah\Desktop\Revo Uninstaller.lnk
2014-08-24 11:47 - 2014-08-24 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-24 11:19 - 2014-08-24 10:14 - 01364531 _____ () C:\Users\deborah\Desktop\AdwCleaner.exe
2014-08-24 11:18 - 2014-08-24 10:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\deborah\Desktop\revosetup.exe
2014-08-23 14:13 - 2014-08-24 11:56 - 00037273 _____ () C:\Users\deborah\Desktop\Addition.txt
2014-08-23 14:12 - 2014-08-24 12:03 - 00018728 _____ () C:\Users\deborah\Desktop\FRST.txt
2014-08-23 14:11 - 2014-08-24 12:03 - 00000000 ____D () C:\FRST
2014-08-23 14:11 - 2014-08-23 13:05 - 02103296 _____ (Farbar) C:\Users\deborah\Desktop\FRST64.exe
2014-08-20 17:26 - 2014-08-20 17:43 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-08-20 17:26 - 2014-08-20 17:26 - 01038656 _____ (SlimWare Utilities, Inc.) C:\Users\deborah\Downloads\SlimCleaner-setup.exe
2014-08-20 17:26 - 2014-08-20 17:26 - 00003016 _____ () C:\WINDOWS\System32\Tasks\SlimCleaner Run
2014-08-20 17:26 - 2014-08-20 17:26 - 00002483 _____ () C:\Users\Public\Desktop\SlimCleaner.lnk
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\Users\deborah\AppData\Local\SlimWare Utilities Inc
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
2014-08-20 16:25 - 2014-08-20 16:25 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\ProductData
2014-08-20 16:23 - 2014-08-24 11:53 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-20 16:23 - 2014-08-23 14:11 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-20 16:23 - 2014-08-20 16:32 - 00000000 ____D () C:\ProgramData\IObit
2014-08-20 16:23 - 2014-08-20 16:23 - 12906784 _____ (IObit) C:\Users\deborah\Downloads\iobituninstaller.exe
2014-08-20 16:23 - 2014-08-20 16:23 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\IObit
2014-08-20 15:41 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-08-20 15:40 - 2014-08-20 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-20 15:40 - 2014-08-20 15:40 - 00004162 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-20 15:40 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-08-20 15:40 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-08-20 15:40 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-08-20 15:32 - 2014-08-20 15:32 - 00003102 _____ () C:\WINDOWS\System32\Tasks\{F816F3E6-7C48-414B-BE84-A86671FF6260}
2014-08-19 15:21 - 2014-08-23 14:10 - 00001592 _____ () C:\WINDOWS\setupact.log
2014-08-19 15:21 - 2014-08-19 15:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-18 21:11 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-18 21:11 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-18 21:10 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-18 21:08 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-18 21:01 - 2014-08-18 21:01 - 00001191 _____ () C:\Users\deborah\Desktop\Amazon Music.lnk
2014-08-18 20:53 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-18 20:53 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-18 20:53 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-18 20:53 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-18 20:47 - 2014-08-18 20:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-08-18 19:17 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-18 19:17 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-18 19:17 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-18 19:17 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-18 19:17 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-18 19:17 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-18 19:17 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-18 19:17 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-18 19:17 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-18 19:17 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-18 19:17 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-18 19:17 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-18 19:17 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-18 19:17 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-18 19:17 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-18 19:17 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-18 19:17 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-18 19:17 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-18 19:17 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-18 19:17 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 19:17 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-18 19:17 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-18 19:17 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-18 19:17 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-18 19:17 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-18 19:17 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-18 19:17 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-18 19:17 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-18 19:17 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-18 19:17 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-18 19:17 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-18 19:17 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-18 19:17 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-18 19:17 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-18 19:17 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-18 19:10 - 2014-08-18 19:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-17 14:24 - 2014-08-18 19:10 - 00002492 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-17 14:10 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-17 14:10 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-17 14:10 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-17 14:10 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-17 14:10 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-17 14:10 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-17 14:10 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-17 14:08 - 2014-08-17 14:08 - 00001766 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-17 14:08 - 2014-08-17 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-17 14:07 - 2014-08-17 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-17 14:07 - 2014-08-17 14:08 - 00000000 ____D () C:\Program Files\iTunes
2014-08-17 14:07 - 2014-08-17 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 14:07 - 2014-08-17 14:07 - 00000000 ____D () C:\Program Files\iPod
2014-08-03 08:54 - 2014-08-01 20:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-03 08:54 - 2014-08-01 20:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-28 23:09 - 2014-07-28 23:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-28 23:07 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 12:03 - 2014-08-23 14:12 - 00018728 _____ () C:\Users\deborah\Desktop\FRST.txt
2014-08-24 12:03 - 2014-08-23 14:11 - 00000000 ____D () C:\FRST
2014-08-24 12:02 - 2014-07-22 09:25 - 00005182 _____ () C:\WINDOWS\PFRO.log
2014-08-24 12:02 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-24 12:00 - 2014-08-24 11:57 - 00000000 ____D () C:\AdwCleaner
2014-08-24 12:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-24 11:56 - 2014-08-23 14:13 - 00037273 _____ () C:\Users\deborah\Desktop\Addition.txt
2014-08-24 11:53 - 2014-08-20 16:23 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-24 11:52 - 2014-03-29 23:46 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893006055-2477717136-3138752447-1002
2014-08-24 11:47 - 2014-08-24 11:47 - 00001251 _____ () C:\Users\deborah\Desktop\Revo Uninstaller.lnk
2014-08-24 11:47 - 2014-08-24 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-24 11:19 - 2014-06-10 20:04 - 01711798 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-24 11:01 - 2014-01-22 22:08 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1C695C66-0EB1-43CA-824F-F90F63183F20}
2014-08-24 10:14 - 2014-08-24 11:19 - 01364531 _____ () C:\Users\deborah\Desktop\AdwCleaner.exe
2014-08-24 10:12 - 2014-08-24 11:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\deborah\Desktop\revosetup.exe
2014-08-23 14:23 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-23 14:22 - 2013-05-07 18:48 - 00000000 ____D () C:\Users\deborah\AppData\Local\CrashDumps
2014-08-23 14:14 - 2013-11-14 03:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-23 14:13 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-23 14:11 - 2014-08-20 16:23 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-23 14:10 - 2014-08-19 15:21 - 00001592 _____ () C:\WINDOWS\setupact.log
2014-08-23 13:05 - 2014-08-23 14:11 - 02103296 _____ (Farbar) C:\Users\deborah\Desktop\FRST64.exe
2014-08-21 14:04 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-21 14:00 - 2014-01-22 00:43 - 00000000 ____D () C:\Users\deborah
2014-08-21 11:02 - 2013-05-20 10:29 - 00000000 ____D () C:\Program Files (x86)\PC Checkup
2014-08-20 19:52 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-20 17:43 - 2014-08-20 17:26 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-08-20 17:28 - 2014-01-22 03:34 - 00000000 ___DC () C:\WINDOWS\Panther
2014-08-20 17:26 - 2014-08-20 17:26 - 01038656 _____ (SlimWare Utilities, Inc.) C:\Users\deborah\Downloads\SlimCleaner-setup.exe
2014-08-20 17:26 - 2014-08-20 17:26 - 00003016 _____ () C:\WINDOWS\System32\Tasks\SlimCleaner Run
2014-08-20 17:26 - 2014-08-20 17:26 - 00002483 _____ () C:\Users\Public\Desktop\SlimCleaner.lnk
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\Users\deborah\AppData\Local\SlimWare Utilities Inc
2014-08-20 17:26 - 2014-08-20 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
2014-08-20 16:56 - 2014-03-30 12:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-20 16:54 - 2014-03-30 12:43 - 00000000 ____D () C:\Users\deborah\AppData\Local\Deployment
2014-08-20 16:54 - 2014-03-23 12:23 - 00000000 ____D () C:\Users\deborah\AppData\Local\Google
2014-08-20 16:32 - 2014-08-20 16:23 - 00000000 ____D () C:\ProgramData\IObit
2014-08-20 16:25 - 2014-08-20 16:25 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\ProductData
2014-08-20 16:23 - 2014-08-20 16:23 - 12906784 _____ (IObit) C:\Users\deborah\Downloads\iobituninstaller.exe
2014-08-20 16:23 - 2014-08-20 16:23 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\IObit
2014-08-20 16:17 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-20 15:42 - 2013-10-25 20:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-20 15:41 - 2014-08-20 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-20 15:40 - 2014-08-20 15:40 - 00004162 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-20 15:40 - 2013-07-07 12:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-20 15:32 - 2014-08-20 15:32 - 00003102 _____ () C:\WINDOWS\System32\Tasks\{F816F3E6-7C48-414B-BE84-A86671FF6260}
2014-08-19 20:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-19 15:27 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-19 15:21 - 2014-08-19 15:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-19 09:51 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-18 21:01 - 2014-08-18 21:01 - 00001191 _____ () C:\Users\deborah\Desktop\Amazon Music.lnk
2014-08-18 20:47 - 2014-08-18 20:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-08-18 20:34 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-08-18 19:10 - 2014-08-18 19:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-18 19:10 - 2014-08-17 14:24 - 00002492 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-18 19:10 - 2013-04-27 08:39 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-08-18 19:10 - 2013-04-27 08:38 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-08-17 14:24 - 2013-04-27 08:39 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-08-17 14:24 - 2013-04-27 08:39 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-08-17 14:24 - 2012-12-03 02:27 - 00000000 ____D () C:\ProgramData\Norton
2014-08-17 14:19 - 2013-04-27 08:38 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-17 14:14 - 2013-06-10 21:19 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-08-17 14:08 - 2014-08-17 14:08 - 00001766 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-17 14:08 - 2014-08-17 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-17 14:08 - 2014-08-17 14:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-17 14:08 - 2014-08-17 14:07 - 00000000 ____D () C:\Program Files\iTunes
2014-08-17 14:08 - 2014-08-17 14:07 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 14:07 - 2014-08-17 14:07 - 00000000 ____D () C:\Program Files\iPod
2014-08-17 13:42 - 2013-05-06 20:55 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\HpUpdate
2014-08-17 13:40 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-17 13:40 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-12 21:23 - 2014-03-23 11:10 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\DiskDefrag
2014-08-07 20:50 - 2013-05-06 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-07 20:50 - 2013-05-06 20:52 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-03 08:53 - 2013-08-22 10:44 - 00335840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-01 20:17 - 2014-08-03 08:54 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-01 20:17 - 2014-08-03 08:54 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-28 23:09 - 2014-07-28 23:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-28 23:09 - 2013-11-14 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-28 23:09 - 2013-09-02 11:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-28 23:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-28 23:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-28 23:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-28 23:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-28 23:08 - 2013-05-13 20:04 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-25 12:55 - 2014-08-20 15:40 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-20 15:41 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-20 15:40 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-20 15:40 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-25 10:52 - 2014-08-18 19:17 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-25 09:51 - 2014-08-18 19:17 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-25 09:28 - 2014-08-18 19:17 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-07-25 09:25 - 2014-08-18 19:17 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-18 19:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-07-25 08:59 - 2014-08-18 19:17 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-07-25 08:40 - 2014-08-18 19:17 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-18 19:17 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-07-25 08:30 - 2014-08-18 19:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-18 19:17 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-18 19:17 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-18 19:17 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-25 08:17 - 2014-08-18 19:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-25 08:10 - 2014-08-18 19:17 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-25 08:08 - 2014-08-18 19:17 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-18 19:17 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-18 19:17 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-18 19:17 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-18 19:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-25 07:43 - 2014-08-18 19:17 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-18 19:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-18 19:17 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-25 07:34 - 2014-08-18 19:17 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-18 19:17 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-18 19:17 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-18 19:17 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-25 07:09 - 2014-08-18 19:17 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-25 07:07 - 2014-08-18 19:17 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-25 07:03 - 2014-08-18 19:17 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-18 19:17 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-25 06:26 - 2014-08-18 19:17 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-18 19:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-18 19:17 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-18 19:17 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-18 19:17 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
 
Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\CreateToastShortcut.exe
C:\Users\ADMINI~1\AppData\Local\Temp\CreateToastShortcutDll.dll
C:\Users\ADMINI~1\AppData\Local\Temp\StartMenu.exe
C:\Users\ADMINI~1\AppData\Local\Temp\TosNoRestart.exe
C:\Users\deborah\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-21 14:15
 
==================== End Of Log ============================
 
Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
Ran by deborah at 2014-08-24 12:04:53
Running from C:\Users\deborah\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4380 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
C4380_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.5617 - CyberLink Corp.)
CyberLink MediaShow 6 (x32 Version: 6.0.5617 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Nuvoton CIR Device Drivers (HKLM-x32\...\{096C6EA4-738C-4A01-BB98-45B93B6B9B34}) (Version: 8.60.5001 - Nuvoton Technology Corporation)
NVIDIA Control Panel 305.46 (Version: 305.46 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SRS Premium Sound Control Panel (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 1.0.5.175  - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.1.0001 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0002.64002 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.9 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
20-08-2014 19:39:33 Installed Java 7 Update 67
24-08-2014 15:48:45 Revo Uninstaller's restore point - IObit Uninstaller
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2014-03-29 23:05 - 00000748 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0967956F-5097-48EE-9D2D-F725206FA7DA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11EA07D6-F037-46D4-ABD5-A6E9C3E8D781} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {14C8A61C-9CE6-49FC-844B-D484C67EFE98} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {321FE431-E1A7-4646-B1FB-D0996EEE3F37} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37E7DCAF-2271-4841-BAA0-B9D1A39F3467} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3FCC461B-6D62-429A-AD3B-037F9CBA3151} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4F34613C-C45E-4BB9-8DC2-DFC7FE2E3436} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {70235E2F-5CC9-47E0-9E6A-8569BBAC50B2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-28] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {773E584D-5585-4AF1-924E-7B609F305E85} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7FCF2A6F-0DEE-4757-B06F-BB65701D9410} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88AB4FDE-F3AC-44C1-B897-1DE83A03C99D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9A47ADD3-C73D-4A56-A0FA-F4A9A0F4732D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {9B0D6FBA-6692-499A-82D5-0851B3739840} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BD773C4B-5497-446C-BF3A-AA663D8A284B} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2014-08-20] (Symantec Corporation)
Task: {C08FCA58-D34C-42B1-8159-21EECD93538B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {C353514F-B394-481D-AE4F-09DB46102D50} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CD98365A-9D54-43E5-9CAB-A5BECD32C3D2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CEB273B7-E5F5-40D3-BB2C-62EC9857264F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D5EBD683-99DC-4008-AB96-2EBF4C694D64} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-23 13:33 - 2013-12-23 13:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-11-04 20:22 - 2013-11-04 20:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-04 18:01 - 2012-08-04 18:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 15:24 - 2013-08-01 15:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2014-08-18 21:00 - 2014-07-22 16:46 - 03356480 _____ () C:\Users\deborah\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: SMITS => 2
HKCU\...\StartupApproved\Run: => "WindowexeAllkiller"
HKCU\...\StartupApproved\Run: => "GUDelayStartup"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2014 00:03:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 13bc
 
Start Time: 01cfbfb4d5be6e52
 
Termination Time: 0
 
Application Path: C:\WINDOWS\system32\NOTEPAD.EXE
 
Report Id: 2b8ea376-2ba8-11e4-bf2d-008cfa496f55
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/23/2014 02:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: DEVRTL.dll, version: 6.3.9600.16384, time stamp: 0x5215e1cb
Exception code: 0xc0000005
Fault offset: 0x00000000000013e5
Faulting process id: 0x5a0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (08/23/2014 09:04:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (08/20/2014 06:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TCrdMain_Win8.exe, version: 2.0.17.64, time stamp: 0x520f4add
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000374
Fault offset: 0x00000000000f8c9c
Faulting process id: 0x11dc
Faulting application start time: 0xTCrdMain_Win8.exe0
Faulting application path: TCrdMain_Win8.exe1
Faulting module path: TCrdMain_Win8.exe2
Report Id: TCrdMain_Win8.exe3
Faulting package full name: TCrdMain_Win8.exe4
Faulting package-relative application ID: TCrdMain_Win8.exe5
 
Error: (08/20/2014 05:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TCrdMain_Win8.exe, version: 2.0.17.64, time stamp: 0x520f4add
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000374
Fault offset: 0x00000000000f8c9c
Faulting process id: 0x8d4
Faulting application start time: 0xTCrdMain_Win8.exe0
Faulting application path: TCrdMain_Win8.exe1
Faulting module path: TCrdMain_Win8.exe2
Report Id: TCrdMain_Win8.exe3
Faulting package full name: TCrdMain_Win8.exe4
Faulting package-relative application ID: TCrdMain_Win8.exe5
 
Error: (08/20/2014 04:29:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1254
 
Start Time: 01cfbcb555fd39fe
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 9f6668aa-28a8-11e4-bf23-008cfa496f55
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 512: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 520: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
 
System errors:
=============
Error: (08/24/2014 11:51:14 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
 
Error: (08/24/2014 10:58:05 AM) (Source: DCOM) (EventID: 10016) (User: gandalf)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}gandalfdeborahS-1-5-21-893006055-2477717136-3138752447-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/23/2014 10:33:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 10:33:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 10:33:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 10:33:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 10:33:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 10:33:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (08/23/2014 10:28:15 PM) (Source: DCOM) (EventID: 10016) (User: gandalf)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}gandalfdeborahS-1-5-21-893006055-2477717136-3138752447-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/23/2014 02:11:43 PM) (Source: DCOM) (EventID: 10016) (User: gandalf)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}gandalfdeborahS-1-5-21-893006055-2477717136-3138752447-1002LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (08/24/2014 00:03:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.3.9600.1638413bc01cfbfb4d5be6e520C:\WINDOWS\system32\NOTEPAD.EXE2b8ea376-2ba8-11e4-bf2d-008cfa496f55
 
Error: (08/23/2014 02:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1703953156588DEVRTL.dll6.3.9600.163845215e1cbc000000500000000000013e55a001cfbefd748a8484C:\WINDOWS\Explorer.EXEC:\WINDOWS\SYSTEM32\DEVRTL.dll68045732-2af2-11e4-bf28-008cfa496f55
 
Error: (08/23/2014 09:04:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (08/20/2014 06:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TCrdMain_Win8.exe2.0.17.64520f4addntdll.dll6.3.9600.17031530895afc000037400000000000f8c9c11dc01cfbcc25729aee9C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exeC:\WINDOWS\SYSTEM32\ntdll.dlld2e498dd-28b5-11e4-bf25-008cfa496f55
 
Error: (08/20/2014 05:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TCrdMain_Win8.exe2.0.17.64520f4addntdll.dll6.3.9600.17031530895afc000037400000000000f8c9c8d401cfbcc021233172C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exeC:\WINDOWS\SYSTEM32\ntdll.dll63cbe1ca-28b3-11e4-bf24-008cfa496f55
 
Error: (08/20/2014 04:29:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17239125401cfbcb555fd39fe0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE9f6668aa-28a8-11e4-bf23-008cfa496f55
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 512: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 520: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/19/2014 03:26:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-26 22:21:53.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:52.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:52.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:52.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:52.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:52.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:50.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:46.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:46.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-26 22:21:46.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 21%
Total physical RAM: 8076.22 MB
Available physical RAM: 6379.09 MB
Total Pagefile: 9356.22 MB
Available Pagefile: 7782.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (TI10658600D) (Fixed) (Total:685.52 GB) (Free:645.65 GB) NTFS
Drive e: () (Removable) (Total:7.44 GB) (Free:4.74 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
==================== End Of Log ============================
 
 

Edited by Gene R, 24 August 2014 - 10:16 AM.

  • 0

#6
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi Gene -

 

Just saw that you posted the logs. I believe I didn't get notified since you edited an existing post. I'll look through them now and get back to you. Sorry for the delay.


  • 0

#7
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Great job. It looks like the Chrome issue is resolved but we still have some work to do. How's the machine running? Please follow the steps below.
 

Important: Before running these scans/fixes, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. I believe on the taskbar, you right-click the Norton icon and then click Disable AntiVirus Auto-Protect or something similar. Instructions for doing this on many AVs are here.
 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. txt.gif.pagespeed.ce.weXzwzRVPS.gif  fixlist.txt   744bytes   0 downloads
NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#2 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


Step#3 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

Step#4 - ESET Online Scan
 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the contents of the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
    Note: Copy/Paste the contents of the log.txt file BEFORE going on to the next step or the log file will be removed.
  • Also be sure to check Uninstall Application on Close before clicking finish.
  • Paste that log as a part of your next post.

Step#5 - Security Check

1. Download Security Check from here or here.
2. Save it to your Desktop.
3. Right-click on SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

  

Items for your next post
1. FRST Fix Log

2. Rootkit Scan log

3. Malwarebytes log

4. ESET log

5. Security Check log


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#9
Gene R

Gene R

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts

Since the topic has been reopened, when I click on the link in Step 1 to download 'Fixlist.txt' it opens a window stating I am not authorized to open that file, or something like that.

 

Will that 'right' be given again?

 

Thanks...


  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Can you close your browsers and then try again? That's happened to me on more than one occasion and simply closing my browser and trying again worked.


  • 0

Advertisements


#11
Gene R

Gene R

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts

Shutdown the browser and tried again and got same thing. restarted the laptop, logged back into GTG and tried again with same results

 

Sorry, you don't have permission for that!

 

[#10171]

You do not have permission to view this attachment.


  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Let's approach this a little different as it sounds like there may be something on your system causing this. Please follow the instructions below to produce fresh logs.

 

Step#1 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer. It's been awhile so it will likely automatically check for a new update. Let it install.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post
1. FRST and Addition logs


  • 0

#13
Gene R

Gene R

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts

Thanks! Logs below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01
Ran by deborah (administrator) on GANDALF on 08-11-2014 16:42:26
Running from C:\Users\deborah\Desktop
Loaded Profiles: UpdatusUser & deborah (Available profiles: UpdatusUser & deborah)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
() C:\Users\deborah\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-893006055-2477717136-3138752447-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\Run: [Amazon Music] => C:\Users\deborah\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\MountPoints2: {0d21091d-f03d-11e3-bef6-008cfa496f55} - "E:\VZW_Software_upgrade_assistant.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
SearchScopes: HKLM - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKCU - DefaultScope {63B4B556-7DE3-4005-A188-F0D4FC1D7016} URL = http://www.google.co...?q={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...ix={searchTerms}
SearchScopes: HKCU - {1F8B8190-6DD0-4CC0-B9D9-F26653154503} URL = http://www.search.as...earchTerms}=
SearchScopes: HKCU - {63B4B556-7DE3-4005-A188-F0D4FC1D7016} URL = http://www.google.co...?q={searchTerms}
SearchScopes: HKCU - {A00B6214-B063-409E-A5FE-6BEF8FC4E22C} URL = http://websearch.sho...&q={searchTerms}
SearchScopes: HKCU - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-11-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-08-18]

Chrome:
=======
CHR Profile: C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-20]
CHR Extension: (Google Drive) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-20]
CHR Extension: (YouTube) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-20]
CHR Extension: (Google Search) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-20]
CHR Extension: (No Name) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-20]
CHR Extension: (Google Wallet) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-20]
CHR Extension: (Gmail) - C:\Users\deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-20]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-08-20] (IObit)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2014-08-20] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
S4 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2013-08-19] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-11] (Symantec Corporation)
R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2012-06-19] (Windows ® Win 7 DDK provider)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20141107.001\IDSvia64.sys [633560 2014-08-31] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141107.018\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141107.018\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [32256 2012-06-19] (Nuvoton Technology Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-17] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 16:41 - 2014-11-08 16:41 - 00000000 ____D () C:\Users\deborah\Desktop\FRST-OlderVersion
2014-10-24 19:49 - 2014-10-24 19:49 - 00001828 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-24 19:49 - 2014-10-24 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-24 19:48 - 2014-10-24 19:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-24 19:47 - 2014-10-24 19:47 - 00001766 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-24 19:47 - 2014-10-24 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-24 19:46 - 2014-10-24 19:47 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-24 19:46 - 2014-10-24 19:47 - 00000000 ____D () C:\Program Files\iTunes
2014-10-24 19:46 - 2014-10-24 19:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-24 19:46 - 2014-10-24 19:46 - 00000000 ____D () C:\Program Files\iPod
2014-10-20 21:09 - 2014-10-20 21:08 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-20 21:08 - 2014-10-20 21:08 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-20 21:08 - 2014-10-20 21:08 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-20 21:08 - 2014-10-20 21:08 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 21:08 - 2014-10-20 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-16 19:41 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-16 19:40 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-16 19:40 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-16 19:40 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-16 19:40 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-16 19:40 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-16 19:40 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-16 19:40 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-16 19:40 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-16 19:40 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-16 19:40 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-16 19:40 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-16 19:40 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-16 19:40 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-16 19:40 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-16 19:39 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-16 19:39 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-16 19:39 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-16 19:39 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-16 19:39 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-16 19:39 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-16 19:39 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-16 19:39 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-16 19:39 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-16 19:39 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-16 19:39 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-16 19:39 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-16 19:39 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-16 19:39 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-16 19:39 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-16 19:39 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-16 19:39 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-16 19:39 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-16 19:39 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-16 19:39 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-16 19:39 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-16 19:39 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-16 19:39 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-16 19:39 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-16 19:39 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-16 19:39 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-16 19:39 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-16 19:39 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-16 19:39 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-16 19:39 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-16 19:39 - 2014-09-13 01:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-16 19:39 - 2014-09-13 00:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-16 19:39 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-16 19:39 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-16 19:39 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-16 19:39 - 2014-08-28 20:32 - 02779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-16 19:39 - 2014-08-28 19:59 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-16 19:39 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-16 19:39 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-16 19:39 - 2014-08-15 23:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-16 19:39 - 2014-08-15 22:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-16 19:39 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-16 19:38 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-16 19:38 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-16 19:38 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-16 19:38 - 2014-08-15 22:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-16 19:38 - 2014-08-15 22:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-16 19:38 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-16 19:38 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-16 19:38 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-16 19:38 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-16 19:38 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-16 19:38 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-16 19:38 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-16 19:38 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-16 19:38 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-16 19:38 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-16 19:38 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-16 19:38 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-16 19:38 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 19:38 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-16 19:38 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-16 19:38 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-16 19:38 - 2014-08-15 19:20 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-16 19:38 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 19:38 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-16 19:38 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-16 19:38 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-16 19:38 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-16 19:38 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-16 19:38 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-16 19:38 - 2014-08-15 19:11 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-16 19:38 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-16 19:38 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-16 19:38 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-16 19:38 - 2014-07-31 18:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 16:42 - 2014-08-23 13:12 - 00020695 _____ () C:\Users\deborah\Desktop\FRST.txt
2014-11-08 16:42 - 2014-08-23 13:11 - 00000000 ____D () C:\FRST
2014-11-08 16:41 - 2014-08-23 13:11 - 02115584 _____ (Farbar) C:\Users\deborah\Desktop\FRST64.exe
2014-11-08 16:38 - 2014-06-10 19:04 - 01175102 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-08 16:25 - 2014-03-29 22:46 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893006055-2477717136-3138752447-1002
2014-11-08 16:20 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-08 16:19 - 2014-01-22 21:08 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1C695C66-0EB1-43CA-824F-F90F63183F20}
2014-11-08 16:08 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-08 16:07 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-08 16:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-08 15:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-08 13:13 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-08 09:53 - 2013-11-14 02:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-08 09:48 - 2014-08-20 15:23 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-04 19:53 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-24 19:46 - 2014-09-27 14:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-24 19:46 - 2013-05-07 17:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-20 21:50 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-20 21:50 - 2013-05-07 17:48 - 00000000 ____D () C:\Users\deborah\AppData\Local\CrashDumps
2014-10-20 21:26 - 2014-08-19 14:21 - 00004570 _____ () C:\WINDOWS\setupact.log
2014-10-20 21:09 - 2013-10-25 19:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 21:08 - 2013-07-07 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 20:58 - 2014-07-22 08:25 - 00016230 _____ () C:\WINDOWS\PFRO.log
2014-10-20 19:34 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-10-20 19:26 - 2013-08-22 09:44 - 00337864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-17 21:03 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-17 21:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-14 19:12 - 2013-05-20 09:29 - 00000000 ____D () C:\Program Files (x86)\PC Checkup
2014-10-11 07:38 - 2013-05-21 19:35 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\CreateToastShortcut.exe
C:\Users\ADMINI~1\AppData\Local\Temp\CreateToastShortcutDll.dll
C:\Users\ADMINI~1\AppData\Local\Temp\StartMenu.exe
C:\Users\ADMINI~1\AppData\Local\Temp\TosNoRestart.exe
C:\Users\deborah\AppData\Local\Temp\HPPSdr.exe
C:\Users\deborah\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\deborah\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-08 16:26

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01
Ran by deborah at 2014-11-08 16:43:02
Running from C:\Users\deborah\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4380 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
C4380_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.5617 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DriverTuner 3.5.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.5.0.1 - LionSea Software co., ltd)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Nuvoton CIR Device Drivers (HKLM-x32\...\{096C6EA4-738C-4A01-BB98-45B93B6B9B34}) (Version: 8.60.5001 - Nuvoton Technology Corporation)
NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SRS Premium Sound Control Panel (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 1.0.5.175  - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.1.0001 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0002.64002 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.9 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-893006055-2477717136-3138752447-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\deborah\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

25-10-2014 00:50:01 Windows Update
31-10-2014 22:23:24 Windows Update
08-11-2014 15:17:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-03-29 22:05 - 00000748 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {21DCF0B5-D6E2-42D7-A26F-A4F56B0F55E1} - System32\Tasks\HP AR Program Upload - 8ae2e04a951a41a49f4b697a66e52c8dbb26fdb7e9ae4899b0dded8720786fba => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {3FCC461B-6D62-429A-AD3B-037F9CBA3151} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {4BC69AAD-7F5A-4618-863A-57D03721D712} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4F34613C-C45E-4BB9-8DC2-DFC7FE2E3436} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {5A3FCF69-6B78-4248-93A9-B8444CF1A4F2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {7FCF2A6F-0DEE-4757-B06F-BB65701D9410} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9A47ADD3-C73D-4A56-A0FA-F4A9A0F4732D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {9B0D6FBA-6692-499A-82D5-0851B3739840} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {AC6A8C1B-BDDB-434C-8A54-75743D4321DA} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {BD773C4B-5497-446C-BF3A-AA663D8A284B} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2014-08-20] (Symantec Corporation)
Task: {C08FCA58-D34C-42B1-8159-21EECD93538B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {CEB273B7-E5F5-40D3-BB2C-62EC9857264F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D5EBD683-99DC-4008-AB96-2EBF4C694D64} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)

==================== Loaded Modules (whitelisted) =============

2013-12-23 12:33 - 2013-12-23 12:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-04 17:01 - 2012-08-04 17:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 14:24 - 2013-08-01 14:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2014-08-18 20:00 - 2014-07-22 15:46 - 03356480 _____ () C:\Users\deborah\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-27 07:14 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SMITS => 2
HKCU\...\StartupApproved\Run: => "WindowexeAllkiller"
HKCU\...\StartupApproved\Run: => "GUDelayStartup"

========================= Accounts: ==========================

Administrator (S-1-5-21-893006055-2477717136-3138752447-500 - Administrator - Disabled)
deborah (S-1-5-21-893006055-2477717136-3138752447-1002 - Administrator - Enabled) => C:\Users\deborah
Guest (S-1-5-21-893006055-2477717136-3138752447-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-893006055-2477717136-3138752447-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2014 09:50:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: USER32.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22
Exception code: 0xc0000142
Fault offset: 0x00000000000ec0b4
Faulting process id: 0x1500
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

Error: (10/20/2014 09:34:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: USER32.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22
Exception code: 0xc0000142
Fault offset: 0x00000000000ec0b4
Faulting process id: 0xd4c
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

Error: (10/16/2014 07:51:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/11/2014 07:36:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (10/07/2014 07:37:56 PM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (10/06/2014 00:16:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (10/05/2014 07:19:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (10/04/2014 05:59:59 AM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (10/01/2014 05:06:47 AM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (09/30/2014 01:05:22 PM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

System errors:
=============
Error: (11/08/2014 02:29:47 PM) (Source: DCOM) (EventID: 10010) (User: gandalf)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/08/2014 02:00:36 PM) (Source: DCOM) (EventID: 10010) (User: gandalf)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/08/2014 02:00:06 PM) (Source: DCOM) (EventID: 10010) (User: gandalf)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/08/2014 10:18:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard  - Imaging, Other hardware - Null Fax - HP Photosmart 7520 series.

Error: (11/08/2014 10:18:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard  - Imaging, Other hardware - Null Print - HP Photosmart 7520 series.

Error: (11/08/2014 09:53:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

Error: (11/08/2014 09:53:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

Error: (11/08/2014 09:53:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

Error: (11/08/2014 09:53:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

Error: (11/08/2014 09:53:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

Microsoft Office Sessions:
=========================
Error: (10/20/2014 09:50:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.163845215f00dUSER32.dll6.3.9600.1727853eebd22c000014200000000000ec0b4150001cfecd9bd162a40C:\WINDOWS\System32\rundll32.exeUSER32.dllfbe0da5f-58cc-11e4-bf68-008cfa496f55

Error: (10/20/2014 09:34:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.163845215f00dUSER32.dll6.3.9600.1727853eebd22c000014200000000000ec0b4d4c01cfecd77cdd5dccC:\WINDOWS\System32\rundll32.exeUSER32.dllbdc553bb-58ca-11e4-bf65-008cfa496f55

Error: (10/16/2014 07:51:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/11/2014 07:36:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/07/2014 07:37:56 PM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/06/2014 00:16:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/05/2014 07:19:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/04/2014 05:59:59 AM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/01/2014 05:06:47 AM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (09/30/2014 01:05:22 PM) (Source: MsiInstaller) (EventID: 1024) (User: gandalf)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

CodeIntegrity Errors:
===================================
  Date: 2014-04-26 22:21:53.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 22:21:52.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 22:21:52.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 22:21:52.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 22:21:52.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 22:21:52.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 22:21:50.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 22:21:46.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 22:21:46.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 22:21:46.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 8076.22 MB
Available physical RAM: 6455.14 MB
Total Pagefile: 9356.22 MB
Available Pagefile: 7609.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (TI10658600D) (Fixed) (Total:685.52 GB) (Free:647.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

#14
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, please follow these instructions.

 

Step#1 - FRST Fix

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Open notepad and copy/paste the text in the quotebox below into it:

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-08-20] (IObit)
2014-08-20 16:23 - 2014-08-24 11:53 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-20 16:23 - 2014-08-20 16:32 - 00000000 ____D () C:\ProgramData\IObit
2014-08-20 16:23 - 2014-08-20 16:23 - 12906784 _____ (IObit) C:\Users\deborah\Downloads\iobituninstaller.exe
2014-08-20 16:23 - 2014-08-20 16:23 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\IObit
2014-08-20 15:32 - 2014-08-20 15:32 - 00003102 _____ () C:\WINDOWS\System32\Tasks\{F816F3E6-7C48-414B-BE84-A86671FF6260}
HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\MountPoints2: {0d21091d-f03d-11e3-bef6-008cfa496f55} - "E:\VZW_Software_upgrade_assistant.exe"
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...ix={searchTerms}
SearchScopes: HKCU - {1F8B8190-6DD0-4CC0-B9D9-F26653154503} URL = http://www.search.as...earchTerms}=
SearchScopes: HKCU - {A00B6214-B063-409E-A5FE-6BEF8FC4E22C} URL = http://websearch.sho...&q={searchTerms}
SearchScopes: HKCU - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File

CMD: bitsadmin /reset /allusers

EmptyTemp:

 

 

2. Save this as fixlist.txt, in the same location as FRST64.exe
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#2 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


Step#3 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here. Note: I know you already have it installed but there is a newer version that I would like to get. So please uninstall your current version before installing this one.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

Step#4 - ESET Online Scan
 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the contents of the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
    Note: Copy/Paste the contents of the log.txt file BEFORE going on to the next step or the log file will be removed.
  • Also be sure to check Uninstall Application on Close before clicking finish.
  • Paste that log as a part of your next post.

Step#5 - Security Check

1. Download Security Check from here or here.
2. Save it to your Desktop.
3. Right-click on SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

  

Items for your next post
1. FRST Fix Log

2. Rootkit Scan log

3. Malwarebytes log

4. ESET log

5. Security Check log

 

Let me know how your machine is doing after all these steps.


  • 0

#15
Gene R

Gene R

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts

Here are the logs. Thanks for all of your assistance.

I could not get Security Check site to connect, even with AV disabled the first link would not connect, the second link came up with a Norton security block. When I clicked 'Go to the site anyway', all it would do is clock...

Let me know if there is another way to get to it.

 

I'll check back around noon tomorrow (11.9.2014)

 

Again, thanks for your assistance

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014 01
Ran by deborah at 2014-11-08 20:51:22 Run:2
Running from C:\Users\deborah\Desktop
Loaded Profiles: UpdatusUser & deborah (Available profiles: UpdatusUser & deborah)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
 S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-08-20] (IObit)
 2014-08-20 16:23 - 2014-08-24 11:53 - 00000000 ____D () C:\Program Files (x86)\IObit
 2014-08-20 16:23 - 2014-08-20 16:32 - 00000000 ____D () C:\ProgramData\IObit
 2014-08-20 16:23 - 2014-08-20 16:23 - 12906784 _____ (IObit) C:\Users\deborah\Downloads\iobituninstaller.exe
 2014-08-20 16:23 - 2014-08-20 16:23 - 00000000 ____D () C:\Users\deborah\AppData\Roaming\IObit
 2014-08-20 15:32 - 2014-08-20 15:32 - 00003102 _____ () C:\WINDOWS\System32\Tasks\{F816F3E6-7C48-414B-BE84-A86671FF6260}
 HKU\S-1-5-21-893006055-2477717136-3138752447-1002\...\MountPoints2: {0d21091d-f03d-11e3-bef6-008cfa496f55} - "E:\VZW_Software_upgrade_assistant.exe"
 SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...ix={searchTerms}
 SearchScopes: HKCU - {1F8B8190-6DD0-4CC0-B9D9-F26653154503} URL = http://www.search.as...earchTerms}=
 SearchScopes: HKCU - {A00B6214-B063-409E-A5FE-6BEF8FC4E22C} URL = http://websearch.sho...&q={searchTerms}
 SearchScopes: HKCU - {ADE78FB5-ADF4-49BE-9AA0-D011F40FE812} URL =
 BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File

CMD: bitsadmin /reset /allusers

EmptyTemp:

*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
LiveUpdateSvc => Service deleted successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
C:\Users\deborah\Downloads\iobituninstaller.exe => Moved successfully.
C:\Users\deborah\AppData\Roaming\IObit => Moved successfully.
C:\WINDOWS\System32\Tasks\{F816F3E6-7C48-414B-BE84-A86671FF6260} => Moved successfully.
"HKU\S-1-5-21-893006055-2477717136-3138752447-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d21091d-f03d-11e3-bef6-008cfa496f55}" => Key deleted successfully.
"HKCR\CLSID\{0d21091d-f03d-11e3-bef6-008cfa496f55}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F8B8190-6DD0-4CC0-B9D9-F26653154503}" => Key deleted successfully.
"HKCR\CLSID\{1F8B8190-6DD0-4CC0-B9D9-F26653154503}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A00B6214-B063-409E-A5FE-6BEF8FC4E22C}" => Key deleted successfully.
"HKCR\CLSID\{A00B6214-B063-409E-A5FE-6BEF8FC4E22C}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ADE78FB5-ADF4-49BE-9AA0-D011F40FE812}" => Key deleted successfully.
"HKCR\CLSID\{ADE78FB5-ADF4-49BE-9AA0-D011F40FE812}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key not found.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 93.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-08 20:59:00
-----------------------------
20:59:00.080    OS Version: Windows x64 6.2.9200
20:59:00.080    Number of processors: 8 586 0x3A09
20:59:00.080    ComputerName: GANDALF  UserName: deborah
20:59:02.163    Initialize success
20:59:02.413    VM: initialized successfully
20:59:02.413    VM: Intel CPU supported
20:59:07.757    VM: disk I/O iaStorA.sys
21:00:40.715    AVAST engine defs: 14110600
21:01:03.669    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003a
21:01:03.684    Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX0A4M Size: 715404MB BusType: 11
21:01:03.809    Disk 0 MBR read successfully
21:01:03.809    Disk 0 MBR scan
21:01:03.841    Disk 0 unknown MBR code
21:01:03.841    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
21:01:03.966    Disk 0 scanning C:\WINDOWS\system32\drivers
21:01:20.932    Service scanning
21:01:24.466    Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20141030.001\BHDrvx64.sys **LOCKED** 5
21:01:27.873    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
21:01:28.202    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
21:01:31.992    Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20141107.001\IDSvia64.sys **LOCKED** 5
21:01:37.975    Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141107.018\ENG64.SYS **LOCKED** 5
21:01:38.210    Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141107.018\EX64.SYS **LOCKED** 5
21:02:00.203    Modules scanning
21:02:00.203    Disk 0 trace - called modules:
21:02:00.234    ntoskrnl.exe CLASSPNP.SYS disk.sys Wdf01000.sys THAccel.sys thpdrv.sys storport.sys hal.dll iaStorA.sys
21:02:00.250    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000a3eb2770]
21:02:00.250    3 CLASSPNP.SYS[fffff8004bc8a27b] -> nt!IofCallDriver -> [0xffffe000a3eb4040]
21:02:00.265    5 Wdf01000.sys[fffff8004be080a8] -> nt!IofCallDriver -> \Device\THPDRV1[0xffffe000a3e4d060]
21:02:00.265    7 thpdrv.sys[fffff8004cc9ac97] -> nt!IofCallDriver -> \Device\0000003a[0xffffe000a185a060]
21:02:01.488    AVAST engine scan C:\WINDOWS
21:02:05.156    AVAST engine scan C:\WINDOWS\system32
21:05:28.085    AVAST engine scan C:\WINDOWS\system32\drivers
21:05:57.194    AVAST engine scan C:\Users\deborah
21:09:32.346    AVAST engine scan C:\ProgramData
21:13:45.157    Disk 0 statistics 3655554/0/0 @ 183.28 MB/s
21:13:45.173    Scan finished successfully
21:13:59.833    Disk 0 MBR has been saved successfully to "C:\Users\deborah\Desktop\MBR.dat"
21:13:59.848    The log file has been saved successfully to "C:\Users\deborah\Desktop\aswMBR.txt"

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/8/2014
Scan Time: 9:23:59 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.09.01
Rootkit Database: v2014.11.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: deborah

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380031
Time Elapsed: 21 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

 

C:\Users\deborah\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

 


 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP