2.
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-01 09:49:44
-----------------------------
09:49:44.184 OS Version: Windows 6.0.6002 Service Pack 2
09:49:44.184 Number of processors: 2 586 0xF0D
09:49:44.185 ComputerName: ARTHUR-PC UserName: Arthur
09:50:01.303 Initialize success
09:50:01.629 VM: initialized successfully
09:50:01.674 VM: Intel CPU virtualization not supported
09:50:52.416 AVAST engine defs: 14083101
09:51:05.451 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:51:05.454 Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 3
09:51:06.204 Disk 0 MBR read successfully
09:51:06.207 Disk 0 MBR scan
09:51:06.249 Disk 0 unknown MBR code
09:51:06.299 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 296221 MB offset 63
09:51:06.341 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9020 MB offset 606662595
09:51:06.386 Disk 0 scanning sectors +625137345
09:51:07.170 Disk 0 scanning C:\Windows\system32\drivers
09:51:34.157 Service scanning
09:51:36.907 Service BHDrvx86 C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx86.sys **LOCKED** 5
09:51:37.910 Service ccSet_NIS C:\Windows\system32\drivers\NIS\1505000.013\ccSetx86.sys **LOCKED** 5
09:51:45.086 Service IDSVix86 C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20140829.001\IDSvix86.sys **LOCKED** 5
09:51:54.871 Service NAVENG C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140831.001\NAVENG.SYS **LOCKED** 5
09:51:55.120 Service NAVEX15 C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140831.001\NAVEX15.SYS **LOCKED** 5
09:52:03.594 Service SRTSPX C:\Windows\system32\drivers\NIS\1505000.013\SRTSPX.SYS **LOCKED** 5
09:52:04.738 Service SymDS C:\Windows\system32\drivers\NIS\1505000.013\SYMDS.SYS **LOCKED** 5
09:52:04.980 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
09:52:05.147 Service SymIRON C:\Windows\system32\drivers\NIS\1505000.013\Ironx86.SYS **LOCKED** 5
09:52:05.219 Service SYMTDIv C:\Windows\System32\Drivers\NIS\1505000.013\SYMTDIV.SYS **LOCKED** 5
09:52:13.663 Modules scanning
09:52:52.790 Disk 0 trace - called modules:
09:52:52.804 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
09:52:52.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86817968]
09:52:52.820 3 CLASSPNP.SYS[88dac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84c74030]
09:52:54.237 AVAST engine scan C:\Windows
09:53:02.628 AVAST engine scan C:\Windows\system32
09:59:41.180 AVAST engine scan C:\Windows\system32\drivers
10:00:07.641 AVAST engine scan C:\Users\Arthur
10:51:52.309 AVAST engine scan C:\ProgramData
11:06:15.007 Scan finished successfully
11:08:11.415 Disk 0 MBR has been saved successfully to "C:\Users\Arthur\Desktop\MBR.dat"
11:08:11.423 The log file has been saved successfully to "C:\Users\Arthur\Desktop\aswMBR.txt"
3.
# AdwCleaner v3.308 - Report created 22/08/2014 at 17:32:02
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Arthur - ARTHUR-PC
# Running from : C:\Users\Arthur\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\IObit Apps Toolbar
Folder Deleted : C:\Program Files\Skillbrains
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\Arthur\AppData\Local\Skillbrains
Folder Deleted : C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\Conduit
Folder Deleted : C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
File Deleted : C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\Extensions\[email protected]
File Deleted : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
***** [ Scheduled Tasks ] *****
Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
[x] Not Deleted : update-sys
[x] Not Deleted : update-S-1-5-21-2954682461-3353532526-1526713206-1000
[x] Not Deleted : update-sys
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [LightShot]
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SkillBrains
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\SkillBrains
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16561
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v13.0.1 (en-US)
[ File : C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\prefs.js ]
Line Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Nov 07 2011 19:57:18 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "18-7-2012");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Tue Jul 17 2012 21:33:13 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 205);
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "6-2-2011");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://google.com/");
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Sat Feb 05 2011 16:53:02 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Jul 17 2012 21:33:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LastLogin_3.12.0.7", "Mon Jun 18 2012 18:14:15 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Tue Jul 17 2012 21:33:10 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.2.5.2", "Sun Mar 20 2011 21:32:34 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Sat Nov 05 2011 19:41:22 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Sun Jan 01 2012 16:47:02 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Sun Apr 22 2012 15:46:09 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.13.0.6");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Jul 17 2012 21:33:10 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Jul 17 2012 21:33:10 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Jul 17 2012 21:33:09 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1340118047");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Jul 17 2012 21:33:09 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2786678.UserID", "UN18793852766269226");
Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "F");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Line Deleted : user_pref("CT2786678.components.1000034", false);
Line Deleted : user_pref("CT2786678.components.1000234", false);
Line Deleted : user_pref("CT2786678.components.129295698017012804", false);
Line Deleted : user_pref("CT2786678.components.129298376496232218", false);
Line Deleted : user_pref("CT2786678.components.129309485163350924", false);
Line Deleted : user_pref("CT2786678.components.129309489763975460", false);
Line Deleted : user_pref("CT2786678.components.129315411424256896", false);
Line Deleted : user_pref("CT2786678.components.5690698542593514850", false);
Line Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Tue Jul 17 2012 21:33:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.initDone", true);
Line Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129789450454597254,1000034,129526967958500204,129309489763975460,5690698542593514850,129309485163350924,12931541142425[...]
Line Deleted : user_pref("CT2786678.revertSettingsEnabled", false);
Line Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Jul 17 2012 21:33:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Tue Jul 17 2012 21:33:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"54c6f2799b3bb5aa6150c9cd1aef83e82\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1334471445\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:14f1\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"6a637346d78ccc1:1254\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"0d648794549cd1:1462\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0ee90707f77cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"5a3bfb736bf65ca0cca630a3f0917948\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=CT2786678", "\"1321973053\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1311517341\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634432176643630000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"2292e5c1512a30b86b91a7e3313d799f\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Arthur\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\oct94ggb.default\\conduitCommon\\modules\\3.13.0.6");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ff");
Line Deleted : user_pref("extensions.enabledItems", "{BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2,{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.2.3,{20a82645-c095-46ed-80e3-08825760534b}:1.1,[email protected]:3.3.3.2[...]
Line Deleted : user_pref("startpage.ntsearch_url", "hxxp://search.yahoo.com/search?ei=utf-8&fr=spigot-nt-ff&type=0&ilc=12&p={searchTerms}");
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
Deleted [Extension] : pmlghpafmmnmmkjdhacccolfgnkiboco
*************************
AdwCleaner[R0].txt - [26217 octets] - [22/08/2014 17:22:49]
AdwCleaner[S0].txt - [26561 octets] - [22/08/2014 17:32:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26622 octets] ##########
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by Arthur (administrator) on ARTHUR-PC on 01-09-2014 11:15:20
Running from C:\Users\Arthur\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\WINDOWS\System32\schtasks.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Akamai Technologies, Inc.) C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Skillbrains) C:\Users\Arthur\AppData\Local\Skillbrains\lightshot\5.1.4.6\Lightshot.exe
(Akamai Technologies, Inc.) C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2014-01-22] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2008-06-02] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-04-03] (soft thinks)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2954682461-3353532526-1526713206-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2954682461-3353532526-1526713206-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2954682461-3353532526-1526713206-1000\...\Run: [LightShot] => C:\Users\Arthur\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-2954682461-3353532526-1526713206-1000\...\MountPoints2: J - J:\LaunchU3.exe -a
HKU\S-1-5-21-2954682461-3353532526-1526713206-1000\...\MountPoints2: {aa4d64e3-960b-11e0-8bbb-001d6072e52c} - F:\LaunchU3.exe -a
Startup: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKLM - DefaultScope value is missing.
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", ""
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", ""
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", ""
FF NetworkProxy: "ftp", ""
FF NetworkProxy: "ftp_port", ""
FF NetworkProxy: "http", ""
FF NetworkProxy: "http_port", ""
FF NetworkProxy: "share_proxy_settings", ""
FF NetworkProxy: "socks", ""
FF NetworkProxy: "socks_port", ""
FF NetworkProxy: "ssl", ""
FF NetworkProxy: "ssl_port", ""
FF NetworkProxy: "type", ""
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Arthur\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\searchplugins\yahoo_ff.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-01-04]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-09-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-28]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-31]
FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.28\coFFFw
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-08-26]
Chrome:
=======
CHR DefaultSearchKeyword: Default -> 43378B18F170AFA78B97629211C952C6B336B8C0405B933F9B2A16ADA9C8C5D8
CHR DefaultSearchURL: Default -> D1B21049CEB6775166DCBD5302E8E15CA83A362C008C9D8E8EE5FC6BB5A06066
CHR CustomProfile: C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Tampermonkey) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-17]
CHR Extension: (AdBlock) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-11-20]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2012-09-27]
CHR Extension: (HF Script - HF Post Helper) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jogmnmcfegjicllgiddhmbbbhfgpbpbf [2012-10-11]
CHR Extension: (Qmee) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2014-03-20]
CHR Extension: (Hack Forums Ban reason on profile) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mefpgdcjkcgkgngidncefmnphmjfacja [2013-12-17]
CHR Extension: (HF Scripts - Scammer Warning) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnlophkmnjdlhjmkcekckmangkgkain [2012-07-30]
CHR Extension: (Google Wallet) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-07-31]
CHR Extension: (4chan Plus) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2012-02-29]
CHR Extension: (Gmail) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-26]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3918216 2010-11-23] (INCA Internet Co., Ltd.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [250072 2014-01-22] (Realtek Semiconductor)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx86.sys [1138480 2014-08-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1505000.013\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-08] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20140829.001\IDSvix86.sys [476888 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140831.022\NAVENG.SYS [95704 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140831.022\NAVEX15.SYS [1636696 2014-08-11] (Symantec Corporation)
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1505000.013\SRTSP.SYS [664280 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1505000.013\SRTSPX.SYS [32344 2014-07-23] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1505000.013\SYMDS.SYS [367704 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1505000.013\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-08-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1505000.013\Ironx86.SYS [206936 2014-07-23] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1505000.013\SYMTDIV.SYS [384728 2014-07-23] (Symantec Corporation)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2010-02-08] (Texas Instruments Incorporated) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 XDva384; \??\C:\Windows\system32\XDva384.sys [X]
S3 XDva385; \??\C:\Windows\system32\XDva385.sys [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
S3 XDva406; \??\C:\Windows\system32\XDva406.sys [X]
S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U3 aswMBR; \??\C:\Users\Arthur\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Arthur\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-01 11:15 - 2014-09-01 11:20 - 00023302 _____ () C:\Users\Arthur\Desktop\FRST.txt
2014-09-01 11:14 - 2014-09-01 11:15 - 00000000 ____D () C:\FRST
2014-09-01 11:13 - 2014-09-01 11:13 - 01096704 _____ (Farbar) C:\Users\Arthur\Downloads\FRST.exe
2014-09-01 11:13 - 2014-09-01 11:13 - 01096704 _____ (Farbar) C:\Users\Arthur\Desktop\FRST.exe
2014-09-01 11:08 - 2014-09-01 11:08 - 00003150 _____ () C:\Users\Arthur\Desktop\aswMBR.txt
2014-09-01 11:08 - 2014-09-01 11:08 - 00000512 _____ () C:\Users\Arthur\Desktop\MBR.dat
2014-08-31 22:48 - 2014-08-31 22:48 - 05185536 _____ (AVAST Software) C:\Users\Arthur\Downloads\aswMBR.exe
2014-08-31 22:48 - 2014-08-31 22:48 - 05185536 _____ (AVAST Software) C:\Users\Arthur\Desktop\aswMBR.exe
2014-08-31 22:40 - 2014-08-31 22:40 - 00000000 ____D () C:\_OTL
2014-08-31 22:29 - 2014-08-31 22:29 - 00000000 ____D () C:\Users\Arthur\Documents\Lightshot
2014-08-31 11:56 - 2014-08-31 11:56 - 00231760 _____ () C:\Users\Arthur\Downloads\CrucialScan.exe
2014-08-31 11:55 - 2014-08-31 11:55 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Skillbrains
2014-08-31 11:55 - 2014-08-31 11:55 - 00000000 ____D () C:\Program Files\Skillbrains
2014-08-31 11:52 - 2014-08-31 11:53 - 02273984 _____ (Skillbrains ) C:\Users\Arthur\Downloads\setup-lightshot (3).exe
2014-08-29 11:22 - 2014-08-29 11:23 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Akamai
2014-08-28 21:14 - 2014-08-28 21:14 - 00087120 _____ () C:\Users\Arthur\Downloads\OTL.Txt
2014-08-28 21:14 - 2014-08-28 21:14 - 00054866 _____ () C:\Users\Arthur\Downloads\Extras.Txt
2014-08-28 20:33 - 2014-08-28 20:33 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Desktop\OTL.exe
2014-08-28 00:13 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 00:13 - 2014-08-22 19:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 13:04 - 2014-08-26 13:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-22 18:15 - 2014-08-22 18:15 - 00000000 ____D () C:\3522ebabf596f83325ebc3881962
2014-08-22 18:11 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-22 18:11 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-22 18:11 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-22 18:10 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-22 17:53 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-22 17:52 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-22 17:52 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-22 17:52 - 2013-10-08 08:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-22 17:50 - 2014-08-22 17:52 - 00002200 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-22 17:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-22 17:21 - 2014-08-22 17:32 - 00000000 ____D () C:\AdwCleaner
2014-08-22 17:15 - 2014-08-22 17:15 - 00046682 _____ () C:\Users\Arthur\Desktop\JRT.txt
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 16:54 - 2014-07-24 14:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-22 16:54 - 2014-07-24 13:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-22 16:54 - 2014-07-24 13:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-22 16:54 - 2014-07-24 13:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-22 16:54 - 2014-07-24 13:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-22 16:54 - 2014-07-24 13:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-22 16:54 - 2014-07-24 13:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-22 16:54 - 2014-07-24 13:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-22 16:54 - 2014-07-24 13:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-22 16:54 - 2014-07-24 13:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-22 16:54 - 2014-07-24 13:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-22 16:54 - 2014-07-24 13:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-22 16:54 - 2014-07-24 13:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-22 16:54 - 2014-07-24 13:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-22 16:54 - 2014-07-24 13:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-22 16:54 - 2014-07-24 13:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-22 16:54 - 2014-07-24 13:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-22 16:54 - 2014-07-24 13:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-22 16:54 - 2014-07-24 13:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-22 16:54 - 2014-07-24 13:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-22 16:54 - 2014-07-24 13:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-22 16:54 - 2014-07-07 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-22 16:54 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-22 16:54 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-22 16:54 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-22 16:54 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-22 16:54 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-22 16:54 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-22 16:54 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-22 16:39 - 2014-08-22 16:39 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT (1).exe
2014-08-22 16:39 - 2014-08-22 16:39 - 01016261 _____ (Thisisu) C:\Users\Arthur\Desktop\JRT (1).exe
2014-08-22 16:38 - 2014-08-22 16:38 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-01 11:20 - 2014-09-01 11:15 - 00023302 _____ () C:\Users\Arthur\Desktop\FRST.txt
2014-09-01 11:15 - 2014-09-01 11:14 - 00000000 ____D () C:\FRST
2014-09-01 11:14 - 2013-04-17 16:27 - 00000378 _____ () C:\Windows\Tasks\update-S-1-5-21-2954682461-3353532526-1526713206-1000.job
2014-09-01 11:13 - 2014-09-01 11:13 - 01096704 _____ (Farbar) C:\Users\Arthur\Downloads\FRST.exe
2014-09-01 11:13 - 2014-09-01 11:13 - 01096704 _____ (Farbar) C:\Users\Arthur\Desktop\FRST.exe
2014-09-01 11:08 - 2014-09-01 11:08 - 00003150 _____ () C:\Users\Arthur\Desktop\aswMBR.txt
2014-09-01 11:08 - 2014-09-01 11:08 - 00000512 _____ () C:\Users\Arthur\Desktop\MBR.dat
2014-09-01 11:07 - 2011-07-31 18:54 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 09:58 - 2013-03-04 19:53 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000UA.job
2014-09-01 09:50 - 2010-12-28 01:30 - 01293493 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 09:43 - 2007-09-15 18:14 - 00000000 ____D () C:\Windows\SMINST
2014-09-01 09:42 - 2011-07-31 18:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 09:42 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 09:42 - 2006-11-02 08:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 09:42 - 2006-11-02 08:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 23:56 - 2006-11-02 09:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-31 22:48 - 2014-08-31 22:48 - 05185536 _____ (AVAST Software) C:\Users\Arthur\Downloads\aswMBR.exe
2014-08-31 22:48 - 2014-08-31 22:48 - 05185536 _____ (AVAST Software) C:\Users\Arthur\Desktop\aswMBR.exe
2014-08-31 22:40 - 2014-08-31 22:40 - 00000000 ____D () C:\_OTL
2014-08-31 22:29 - 2014-08-31 22:29 - 00000000 ____D () C:\Users\Arthur\Documents\Lightshot
2014-08-31 22:17 - 2010-12-28 11:01 - 00000000 ____D () C:\Program Files\Pando Networks
2014-08-31 12:01 - 2013-04-17 16:27 - 00000378 _____ () C:\Windows\Tasks\update-sys.job
2014-08-31 11:56 - 2014-08-31 11:56 - 00231760 _____ () C:\Users\Arthur\Downloads\CrucialScan.exe
2014-08-31 11:55 - 2014-08-31 11:55 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Skillbrains
2014-08-31 11:55 - 2014-08-31 11:55 - 00000000 ____D () C:\Program Files\Skillbrains
2014-08-31 11:55 - 2013-04-29 19:13 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2014-08-31 11:55 - 2013-04-17 16:27 - 00000438 _____ () C:\Users\Arthur\AppData\Local\UserProducts.xml
2014-08-31 11:53 - 2014-08-31 11:52 - 02273984 _____ (Skillbrains ) C:\Users\Arthur\Downloads\setup-lightshot (3).exe
2014-08-31 11:52 - 2013-12-11 18:47 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer
2014-08-31 11:52 - 2013-12-11 18:46 - 00000000 ____D () C:\ProgramData\Razer
2014-08-31 11:52 - 2013-12-11 18:46 - 00000000 ____D () C:\Program Files\Razer
2014-08-31 11:46 - 2014-01-07 20:13 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-29 11:23 - 2014-08-29 11:22 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Akamai
2014-08-28 21:14 - 2014-08-28 21:14 - 00087120 _____ () C:\Users\Arthur\Downloads\OTL.Txt
2014-08-28 21:14 - 2014-08-28 21:14 - 00054866 _____ () C:\Users\Arthur\Downloads\Extras.Txt
2014-08-28 20:33 - 2014-08-28 20:33 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Desktop\OTL.exe
2014-08-28 20:26 - 2006-11-02 08:47 - 00441160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 20:33 - 2007-09-15 18:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-27 20:07 - 2014-06-27 12:41 - 00007498 _____ () C:\Windows\PFRO.log
2014-08-26 18:58 - 2013-03-04 19:53 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000Core.job
2014-08-26 13:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-26 13:10 - 2010-12-27 23:08 - 00000000 ____D () C:\ProgramData\Norton
2014-08-26 13:04 - 2014-08-26 13:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-26 13:04 - 2010-12-27 23:09 - 00002215 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-26 13:04 - 2010-12-27 23:09 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-08-26 12:54 - 2010-12-27 23:09 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2014-08-26 12:54 - 2010-12-27 23:09 - 00008194 _____ () C:\Windows\system32\Drivers\SYMEVENT.CAT
2014-08-26 12:53 - 2010-12-27 23:08 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-08-26 12:46 - 2011-09-10 18:59 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-08-26 12:14 - 2013-11-12 21:06 - 00000000 ____D () C:\Users\Arthur\Desktop\Belts
2014-08-26 11:56 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-08-26 11:36 - 2013-10-28 17:51 - 00000000 ____D () C:\Program Files\Youtube Movie Maker
2014-08-26 11:23 - 2013-04-02 15:23 - 00000000 ____D () C:\Program Files\Litecoin
2014-08-26 11:21 - 2006-11-02 06:33 - 00851378 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 11:20 - 2010-12-27 22:38 - 00000000 ____D () C:\Users\Arthur
2014-08-22 21:03 - 2014-08-28 00:13 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:26 - 2014-08-28 00:13 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:15 - 2014-08-22 18:15 - 00000000 ____D () C:\3522ebabf596f83325ebc3881962
2014-08-22 18:15 - 2013-07-18 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-22 18:15 - 2006-11-02 06:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-22 18:02 - 2013-09-21 18:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-22 17:55 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-22 17:53 - 2007-09-15 17:57 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-22 17:52 - 2014-08-22 17:50 - 00002200 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-22 17:52 - 2007-09-15 17:57 - 00000000 ____D () C:\Program Files\Java
2014-08-22 17:32 - 2014-08-22 17:21 - 00000000 ____D () C:\AdwCleaner
2014-08-22 17:24 - 2014-06-12 22:36 - 00000000 ____D () C:\Users\Arthur\Desktop\ARTHUR JOB STUFF
2014-08-22 17:15 - 2014-08-22 17:15 - 00046682 _____ () C:\Users\Arthur\Desktop\JRT.txt
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 16:39 - 2014-08-22 16:39 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT (1).exe
2014-08-22 16:39 - 2014-08-22 16:39 - 01016261 _____ (Thisisu) C:\Users\Arthur\Desktop\JRT (1).exe
2014-08-22 16:38 - 2014-08-22 16:38 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-01 09:58
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by Arthur at 2014-09-01 11:21:39
Running from C:\Users\Arthur\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Aeria Ignite (HKLM\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audjoo Helix 1.0 (HKLM\...\Audjoo Helix_is1) (Version: - )
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
c5200_Help (Version: 90.0.189.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cross Fire En (HKLM\...\Cross Fire_is1) (Version: - Z8Games.com)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.15 - DivX, LLC)
Edirol HQ Orchestral VSTi v1.03 (HKLM\...\Edirol HQ Orchestral VSTi v1.03) (Version: - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (Version: 90.0.146.000 - Hewlett-Packard) Hidden
FL Studio 10.0.2 (HKLM\...\FL Studio ) (Version: 10.0.2 - )
FL Studio 10 (HKLM\...\FL Studio 10) (Version: - Image-Line)
FL Studio 11 (HKLM\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version: - )
Fraps (HKLM\...\Fraps) (Version: - )
FREE Word and Excel password recovery Wizard version 2.1.15 (HKLM\...\{BEE8AFD4-907F-4BD5-B2E9-6606291415E8}_is1) (Version: 2.1.15 - FREE Password Recovery Software)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4558.05 - PC-Doctor, Inc.)
HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Active Support Library 32 bit components (Version: 2.1.0 - Hewlett-Packard) Hidden
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.2.0.2296 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.2.0.2304 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{B58FBD4F-C69A-41C1-94AC-1A47AD946C91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version: - Image-Line)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: - )
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Java SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Lennar Digital Sylenth VSTi v1.2.1 (HKLM\...\Lennar Digital Sylenth VSTi v1.2.1) (Version: - )
Lightshot-5.1.4.6 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.6 - Skillbrains)
Luxonix Purity VSTi v1.1.2 (HKLM\...\Luxonix Purity VSTi_is1) (Version: - )
ManyCam 2.6.60 (remove only) (HKLM\...\ManyCam) (Version: 2.6.60 - ManyCam LLC)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.50706 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 13.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 13.0.1 (x86 en-US)) (Version: 13.0.1 - Mozilla)
Mozilla Firefox 4.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 4.0.1 (x86 en-US)) (Version: 4.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
MSRedist (Version: 9.0.30729.4148 - Symantec Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.14 (HKLM\...\MultiBit 0.5.14) (Version: 0.5.14 - )
MultiBit 0.5.17 (HKLM\...\MultiBit 0.5.17) (Version: 0.5.17 - )
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1804 - WildTangent)
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Massive (Version: 1.2.1.1989 - Native Instruments) Hidden
Norton Internet Security (HKLM\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
ODT Viewer version 1.0 (HKLM\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
ooVoo (HKLM\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.0.7023 - ooVoo LLC.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
REACTOR (HKLM\...\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}) (Version: 1.00.0000 - ijji)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM\...\reFX Nexus_is1) (Version: - )
reFX Vanguard VSTi RTAS v1.8.0 (HKLM\...\reFX Vanguard_is1) (Version: - )
Remote Utilities - Viewer (HKLM\...\{E0891DC0-EC05-45F9-9959-64207AB75E6D}) (Version: 5.255.3000 - Usoris Systems LLC)
Rhapsody (HKLM\...\Rhapsody) (Version: - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.572 - Roxio)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12114_1 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12114_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Soldier Front (HKLM\...\Soldier Front) (Version: - )
Spotify (HKCU\...\Spotify) (Version: 0.8.8.348.ge445f5b9 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab for Intel (HKLM\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Test Drive 5 (HKLM\...\Test Drive 5) (Version: - Accolade)
TI Connect 1.6 (HKLM\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6 - Texas Instruments Inc)
Tone2 Gladiator VSTi v2.2 (HKLM\...\Tone2 Gladiator VSTi_is1) (Version: - )
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.31 - WildTangent)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Xfire (remove only) (HKLM\...\Xfire) (Version: - )
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Arthur\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Arthur\AppData\Local\Roblox\Versions\version-38d9c3e04e394773\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Arthur\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Arthur\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
==================== Restore Points =========================
29-08-2014 03:32:37 Scheduled Checkpoint
29-08-2014 18:41:16 Scheduled Checkpoint
31-08-2014 15:58:35 Removed IObit Apps Toolbar v9.6.
01-09-2014 02:40:19 OTL Restore Point - 8/31/2014 10:40:18 PM
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-04-16 17:04 - 2014-04-09 17:34 - 00000809 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 roblox.com
127.0.0.1 www.roblox.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {14D49B84-E6BD-4CE1-B98B-4FB35347F9E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-31] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3E09A082-3DD6-4681-B104-E7324F09E03E} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {3E382ABE-25C2-459F-96D1-C59E182344B9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2954682461-3353532526-1526713206-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {46FE14F9-88E8-471C-BD52-4DD76797C525} - System32\Tasks\Driver Booster SkipUAC (Arthur) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {4ECAAD62-459B-4435-A945-3AC5AC791706} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-05-17] ()
Task: {523BAE2E-445E-470F-B012-25E032F374D3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {64C613FE-5AA5-406A-A2F0-A7C90F891AE8} - System32\Tasks\update-S-1-5-21-2954682461-3353532526-1526713206-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {78F1294C-1DCA-497A-AD5E-630FD422D14A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000UA => C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-04] (Facebook Inc.)
Task: {8EA3544E-9572-4313-B3A1-D97DBD93F244} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {94737657-89AF-4F43-9BED-05752A329451} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {99918669-3E47-468D-8AC7-DCEC3F5CC10C} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {A1622948-A795-4EDF-ADAD-EBC631018B78} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AACED546-1343-4F2B-A5A0-3A5C5282E6A1} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {AB37DB43-0782-4F1A-8489-BC12C83FB99D} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {AB587583-7BA9-44F6-A215-0960B8A69C98} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000Core => C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-04] (Facebook Inc.)
Task: {BDCAFF8D-0FA4-4CB5-8A03-471471B7CB7D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C6681F91-7FE4-42D7-BA18-E5A36651411C} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {D0A0AA8E-9160-40B9-A926-D35824AC2978} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D8BB4AFB-3E82-4CD5-A20C-E2947E79E7FE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2954682461-3353532526-1526713206-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E34B349C-738F-4A87-BF64-401C80B3A8EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-31] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2010-12-28] ()
Task: {FE7AE3B7-DF0A-445F-8ABD-5D44048C5584} - System32\Tasks\JavaUpdateArthur => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000Core.job => C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000UA.job => C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2954682461-3353532526-1526713206-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe
==================== Loaded Modules (whitelisted) =============
2011-01-15 20:55 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-29 17:14 - 2014-08-28 00:54 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.102\pdf.dll
2014-08-29 17:14 - 2014-08-28 00:54 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll
2014-08-29 17:14 - 2014-08-28 00:53 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.102\ffmpegsumo.dll
2014-04-11 14:58 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-11 14:58 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Arthur\Desktop\Calm-Down.MP3:TOC.WMV
AlternateDataStreams: C:\Users\Arthur\Desktop\Gucci Mane & Cheif Keef - Top of Trash (RGF.iS).mp3:TOC.WMV
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk => C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LightShot => C:\Users\Arthur\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Arthur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/31/2014 10:46:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/31/2014 10:46:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/31/2014 10:18:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/31/2014 10:18:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/31/2014 00:00:32 PM) (Source: MsiInstaller) (EventID: 11316) (User: Arthur-PC)
Description: Product: IObit Apps Toolbar v9.6 -- Error 1316.The specified account already exists.
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: PolicyAgent
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1005) (User: )
Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent4
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (08/31/2014 11:56:53 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (08/26/2014 01:10:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002
System errors:
=============
Error: (09/01/2014 09:44:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (09/01/2014 09:43:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {28778B62-8481-400D-8E8A-A4C81ED3F65C}
Error: (08/31/2014 11:55:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
Error: (08/31/2014 10:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (08/31/2014 10:46:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {28778B62-8481-400D-8E8A-A4C81ED3F65C}
Error: (08/31/2014 10:40:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Realtek Audio Service1
Error: (08/31/2014 10:19:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LiveUpdate1
Error: (08/31/2014 10:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (08/31/2014 10:18:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {28778B62-8481-400D-8E8A-A4C81ED3F65C}
Error: (08/31/2014 11:52:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: RzKLService1
Microsoft Office Sessions:
=========================
Error: (08/31/2014 10:46:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\VstPlugins\Sugar Bytes\Turnado\Turnado x64.exe
Error: (08/31/2014 10:46:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\VstPlugins\Sugar Bytes\Turnado\Turnado x64.exe
Error: (08/31/2014 10:18:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\VstPlugins\Sugar Bytes\Turnado\Turnado x64.exe
Error: (08/31/2014 10:18:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\VstPlugins\Sugar Bytes\Turnado\Turnado x64.exe
Error: (08/31/2014 00:00:32 PM) (Source: MsiInstaller) (EventID: 11316) (User: Arthur-PC)
Description: Product: IObit Apps Toolbar v9.6 -- Error 1316.The specified account already exists.
(NULL)(NULL)(NULL)(NULL)
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: PolicyAgent
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1005) (User: )
Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent4
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (08/31/2014 11:56:53 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (08/26/2014 01:10:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002
Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91
CodeIntegrity Errors:
===================================
Date: 2014-09-01 11:21:11.031
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-09-01 11:21:10.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-09-01 11:21:09.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-09-01 11:21:08.589
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-09-01 11:20:13.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-09-01 11:20:12.495
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-09-01 11:20:11.675
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-09-01 11:20:10.885
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-09-01 11:18:32.529
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-09-01 11:18:31.756
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Pentium® Dual CPU E2140 @ 1.60GHz
Percentage of memory in use: 66%
Total physical RAM: 2037.77 MB
Available physical RAM: 678.65 MB
Total Pagefile: 4316.82 MB
Available Pagefile: 2688 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.11 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:289.28 GB) (Free:154.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.81 GB) (Free:1.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=289.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
My boot time seems normal now. Not fast, not slow.
Edited by kingkeef, 01 September 2014 - 09:33 AM.