computer acting real slow [Closed]


  • This topic is locked

#1
kingkeef

  • Member
  • 29 posts

Ran some MBAM, AdwCleaner, and JTR scans and it's still not as fast as I want it to be. I know there's some adware hiding on my computer and I want to tweak it and make it faster. Also AS6 might have messed something up in my registry because my computer takes forever to boot up...

 

EDIT: Posting OTL in a sec. Not receiving help on other forums either.


Edited by kingkeef, 28 August 2014 - 06:34 PM.


#2
kingkeef

  • Topic Starter
  • Member
  • 29 posts
OTL logfile created on: 8/28/2014 8:33:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Arthur\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.23 Gb Available Physical Memory | 11.79% Memory free
4.22 Gb Paging File | 2.35 Gb Available in Paging File | 55.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.28 Gb Total Space | 121.28 Gb Free Space | 41.92% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 1.19 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
 
Computer Name: ARTHUR-PC | User Name: Arthur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/28 20:33:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arthur\Downloads\OTL.exe
PRC - [2014/08/19 18:16:33 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/07/31 17:03:57 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
PRC - [2014/01/22 18:05:25 | 000,250,072 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2014/01/22 18:05:22 | 001,003,224 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/17 06:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/11/22 13:36:18 | 000,105,448 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/06/02 19:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 19:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/19 03:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/19 18:16:31 | 000,331,592 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.94\ppgooglenaclpluginchrome.dll
MOD - [2014/08/19 18:16:29 | 008,577,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.94\pdf.dll
MOD - [2014/08/19 18:16:23 | 001,660,232 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.94\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/07/31 17:03:57 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe -- (NIS)
SRV - [2014/01/22 18:05:25 | 000,250,072 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/17 06:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/12/02 11:58:48 | 002,151,232 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/22 13:36:18 | 000,105,448 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013/10/08 22:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/14 18:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/11/23 19:43:14 | 003,918,216 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/06/02 19:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva407.sys -- (XDva407)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva406.sys -- (XDva406)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva384.sys -- (XDva384)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/08/26 12:54:07 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2014/08/25 16:43:44 | 000,395,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20140825.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/08/18 18:20:25 | 001,138,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/08/11 03:42:03 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140827.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/08/11 03:42:00 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140827.008\NAVENG.SYS -- (NAVENG)
DRV - [2014/07/23 01:13:11 | 000,384,728 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1505000.013\symtdiv.sys -- (SYMTDIv)
DRV - [2014/07/23 01:13:10 | 000,936,152 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\NIS\1505000.013\SymEFA.sys -- (SymEFA)
DRV - [2014/07/23 01:13:09 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\NIS\1505000.013\SymDS.sys -- (SymDS)
DRV - [2014/07/23 00:50:59 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1505000.013\Ironx86.sys -- (SymIRON)
DRV - [2014/07/23 00:50:26 | 000,664,280 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1505000.013\srtsp.sys -- (SRTSP)
DRV - [2014/07/23 00:50:26 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1505000.013\srtspx.sys -- (SRTSPX)
DRV - [2014/06/08 23:31:03 | 000,109,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/04 03:33:23 | 000,377,648 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/02/20 19:14:34 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1505000.013\ccSetx86.sys -- (ccSet_NIS)
DRV - [2014/01/22 18:09:25 | 000,211,160 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2013/04/04 15:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/20 00:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/20 00:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/02/08 03:54:33 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/06/10 07:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/10/01 08:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/01/02 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B8D1CD51-7BF1-46C4-8AB3-FF188CFDC9E8}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{F19C2718-2571-4319-807E-80B00C0057DD}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{71B9D90B-4333-473A-ACEA-544A21CBBDC2}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{B8D1CD51-7BF1-46C4-8AB3-FF188CFDC9E8}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{BA56C4A6-3FEB-4774-BB3C-7FF707BEB11E}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{F19C2718-2571-4319-807E-80B00C0057DD}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 190.75.135.155:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.8
FF - prefs.js..extensions.enabledAddons: {58d2a791-6199-482f-a9aa-9b725ec61362}:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:8.9
FF - prefs.js..network.proxy.backup.ftp: "118.97.20.221"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "118.97.20.221"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "118.97.20.221"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "202.137.11.185"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "202.137.11.185"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "202.137.11.185"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "202.137.11.185"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Arthur\AppData\Local\Roblox\Versions\version-38d9c3e04e394773\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Arthur\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn\ [2014/08/28 20:27:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/31 18:57:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.28\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014/08/26 13:10:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/07 18:42:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/22 17:15:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2012/02/29 20:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins [2014/01/22 17:15:09 | 000,000,000 | ---D | M]
 
[2011/01/03 20:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arthur\AppData\Roaming\Mozilla\Extensions
[2014/08/26 11:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\extensions
[2013/01/04 20:48:22 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/12/11 18:25:55 | 000,000,905 | ---- | M] () -- C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\searchplugins\yahoo_ff.xml
[2012/07/16 16:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\ARTHUR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OCT94GGB.DEFAULT\EXTENSIONS\{58D2A791-6199-482F-A9AA-9B725EC61362}
File not found (No name found) -- C:\USERS\ARTHUR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OCT94GGB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\ARTHUR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OCT94GGB.DEFAULT\EXTENSIONS\[email protected]
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: https://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\37.0.2062.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\37.0.2062.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\37.0.2062.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin7.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - default_search_provider: B240397A4E413C30736B3E768AE2D9C59F3207FDC220EA1DDEA3736242AB1E5A (Enabled)
CHR - default_search_provider: search_url = D1B21049CEB6775166DCBD5302E8E15CA83A362C008C9D8E8EE5FC6BB5A06066
CHR - default_search_provider: suggest_url = 
CHR - homepage: 8CDC176E27673E20329BB26F5E6BDB3E16E996ECC866B8683625D7CFAD327A60
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.8.52_0\
CHR - Extension: AdBlock = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.4_0\
CHR - Extension: HF Script - HF Post Helper = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jogmnmcfegjicllgiddhmbbbhfgpbpbf\1.2_0\
CHR - Extension: Qmee = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde\0.9.37_0\
CHR - Extension: Hack Forums Ban reason on profile = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mefpgdcjkcgkgngidncefmnphmjfacja\1.0_0\
CHR - Extension: HF Scripts - Scammer Warning = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnlophkmnjdlhjmkcekckmangkgkain\1.1.0_0\
CHR - Extension: Google Wallet = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: 4chan Plus = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\3.0.6_0\
CHR - Extension: Gmail = C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/04/09 17:34:10 | 000,000,809 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 roblox.com
O1 - Hosts: 127.0.0.1 www.roblox.com
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.5.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.5.0.19\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {63BCF187-B6FC-478D-9CD3-0A416995A59C} http://wsm.wayi.com....ientATXCtrl.cab (ClientATXCtrl Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.40.2)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.40.2)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://ec2-174-129-1...eivers/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A06B0ED-A66A-4C2C-B7D8-09A746173671}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/15 17:56:15 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{aa4d64e3-960b-11e0-8bbb-001d6072e52c}\Shell - "" = AutoRun
O33 - MountPoints2\{aa4d64e3-960b-11e0-8bbb-001d6072e52c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/26 13:04:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2014/08/22 18:15:17 | 000,000,000 | ---D | C] -- C:\3522ebabf596f83325ebc3881962
[2014/08/22 17:24:15 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/08/22 17:21:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/22 17:05:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/08/22 16:39:31 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Arthur\Desktop\JRT (1).exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/28 20:28:24 | 000,001,783 | ---- | M] () -- C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk
[2014/08/28 20:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/28 20:26:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/28 20:26:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/28 20:26:20 | 000,441,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/28 20:26:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/28 00:14:27 | 002,524,251 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1505000.013\Cat.DB
[2014/08/28 00:07:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/28 00:05:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014/08/27 23:12:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-2954682461-3353532526-1526713206-1000.job
[2014/08/27 21:58:05 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000UA.job
[2014/08/27 05:47:21 | 000,043,689 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1505000.013\VT20140827.005
[2014/08/26 18:58:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000Core.job
[2014/08/26 13:04:30 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/08/26 12:54:07 | 000,142,936 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2014/08/26 12:54:07 | 000,008,194 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2014/08/26 12:54:07 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2014/08/26 11:21:55 | 000,708,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/26 11:21:55 | 000,144,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/22 16:39:19 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Arthur\Desktop\JRT (1).exe
[2014/08/01 15:43:11 | 000,069,191 | ---- | M] () -- C:\Users\Arthur\Desktop\Screenshot_1.png
[2014/08/01 15:31:32 | 000,070,875 | ---- | M] () -- C:\Users\Arthur\Desktop\1150990_266400513533245_354621318_n.jpg
[2014/07/31 17:09:10 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1505000.013\isolate.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/01 15:43:10 | 000,069,191 | ---- | C] () -- C:\Users\Arthur\Desktop\Screenshot_1.png
[2014/08/01 15:31:22 | 000,070,875 | ---- | C] () -- C:\Users\Arthur\Desktop\1150990_266400513533245_354621318_n.jpg
[2014/01/22 18:05:22 | 000,693,329 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014/01/20 18:32:22 | 000,000,096 | ---- | C] () -- C:\Users\Arthur\AppData\Roaming\wklnhst.dat
[2013/12/10 19:05:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2013/09/30 00:05:15 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/09/23 17:36:36 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/04/17 16:27:55 | 000,000,438 | ---- | C] () -- C:\Users\Arthur\AppData\Local\UserProducts.xml
[2013/04/14 12:21:05 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2012/11/28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/11/28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/11/28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/11/28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/11/28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/07/27 10:36:27 | 000,000,600 | ---- | C] () -- C:\Users\Arthur\PUTTY.RND
[2012/01/01 18:45:10 | 001,626,440 | -H-- | C] () -- C:\Users\Arthur\AppData\Roaming\{5F34F0D4-83D9-419D-B5D8332841B37336}
[2011/12/04 11:00:55 | 000,015,819 | ---- | C] () -- C:\Users\Arthur\CrossFire_1080.dlbt
[2011/06/12 11:17:29 | 000,000,552 | ---- | C] () -- C:\Users\Arthur\AppData\Local\d3d8caps.dat
[2011/03/25 16:59:37 | 000,005,892 | ---- | C] () -- C:\Users\Arthur\AppData\Local\d3d9caps.dat
[2011/03/09 20:52:58 | 000,010,240 | ---- | C] () -- C:\Users\Arthur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/02/26 17:29:19 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\AnvSoft
[2014/03/22 22:32:05 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\FlowStone
[2011/08/23 12:00:46 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\FreeHideIP
[2012/12/10 21:56:00 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\Gyazo
[2012/01/03 21:59:26 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\ijjigame
[2012/09/27 21:23:29 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\Image-Line
[2014/01/07 20:14:25 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\IObit
[2014/05/19 20:27:11 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\iZotope
[2014/01/12 11:56:25 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\Litecoin
[2011/12/04 14:20:59 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\ManyCam
[2013/11/18 17:11:31 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\MultiBit
[2011/12/04 14:24:49 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\ooVoo Details
[2012/10/02 18:36:22 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\Remote Utilities Files
[2013/04/05 07:06:57 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\Samsung
[2010/12/27 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\Snapfish
[2013/06/05 18:01:10 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\Spotify
[2012/11/11 11:41:41 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\SystemRequirementsLab
[2013/04/04 22:20:30 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\TeamViewer
[2012/10/03 20:20:22 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\TechSmith
[2014/01/20 18:32:24 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\Template
[2011/09/19 20:12:15 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\Tific
[2012/05/18 16:51:37 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\TS3Client
[2014/05/22 17:16:10 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\uTorrent
[2010/12/29 11:09:20 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Arthur\Desktop\Gucci Mane & Cheif Keef - Top of Trash  (RGF.iS).mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Arthur\Desktop\Calm-Down.MP3:TOC.WMV
 
< End of report >
 
OTL Extras logfile created on: 8/28/2014 8:33:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Arthur\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.23 Gb Available Physical Memory | 11.79% Memory free
4.22 Gb Paging File | 2.35 Gb Available in Paging File | 55.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.28 Gb Total Space | 121.28 Gb Free Space | 41.92% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 1.19 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
 
Computer Name: ARTHUR-PC | User Name: Arthur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Xion.Enqueue] -- Reg Error: Key error.
Directory [Xion.Play] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28734707-958C-4152-A65E-9FA1AA2351AF}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{3B5376B0-67AC-4A7A-92ED-981DD16430D8}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 | 
"{4DE27DFB-6C07-4009-9550-F9E145CE6625}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5DAFC348-9B53-4F8B-8D5B-0A456BD4610A}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 | 
"{5EAF70EE-4318-4463-9F79-5CA5247A32BE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{63C6DB32-BD17-40AE-85F6-A7E18171F0BF}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 | 
"{C77BC1D2-BA01-44C4-840F-5D5BF6986181}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 | 
"{CBF92638-E66C-434E-BB8F-FE83281F0293}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 | 
"{EE0E28D4-DA7E-43F1-B852-8ED4A0AACFEA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F4A4D7-28E7-4E33-9BA2-D1B08AC068E5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{0A9C29D7-D2E3-4265-878D-B3F4DD135E0A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{14342B79-3D98-4B9A-AC15-4E606DA88069}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | 
"{19E9C126-6B2F-4B49-AFA9-8234E0D69FF3}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\devicesetup.exe | 
"{21BCBC32-63EE-4426-BC28-8F7CE1A18568}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{259B2AE0-91A5-4569-852F-DAD6A75E8699}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | 
"{260A6EB3-3052-4619-9A14-E52276FB7B21}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{274DE244-FD6E-49AC-9A1C-1EA7C5D5C73D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{32D6948B-E6AD-4BFF-9C1C-CBA7A990EE44}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{3BDFB243-D571-411E-87EE-FD80E9796F6B}" = protocol=6 | dir=in | app=c:\users\arthur\appdata\roaming\utorrent\utorrent.exe | 
"{3DB8DE41-6E9E-45F9-A38B-27F1D2A457FD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{4D79DF55-F2D7-4897-9E7B-D73659664F25}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{60D146A6-53EA-4FEE-B715-DCC73E807753}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{71A3CAF0-CC04-49B0-B489-9206357B7F31}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicator.exe | 
"{74F8C0DC-44E1-4236-A74E-459B0D537FA4}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | 
"{79C36FF0-438E-4A62-9E52-337727762EE6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{7A61CB71-ED3F-4A42-A4A2-AEAE7D2AD001}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7F1123FC-5029-4D7F-88A6-B6B41CD73052}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicatorcom.exe | 
"{80CE274F-4F11-4E45-974D-C70103D33373}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | 
"{862CCDB8-C115-49AB-9718-77CD29BB5F15}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{88F2C7F6-3391-4600-A9B3-3106DCD9980B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | 
"{8C0E9A56-AAEE-4A6D-B5DD-F733716635BD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{95BE7E00-9408-4E2F-AD3C-2A64C2AD01F8}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{9E6BFA1F-3874-4FA3-B674-57DDDCD706B6}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A2EACD28-50CA-4743-9B34-11B1A24479C8}" = dir=in | app=c:\users\arthur\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{AEB620BA-1880-4D81-BC89-ABB7BE060604}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{B277AB5C-8A9A-40A9-BF1D-21C78177D567}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{BE6BF345-AEFC-4E23-AA3D-DD3A8D818D9A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CCB874CB-5D72-4871-B096-290BDE69BC37}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D145B527-ACD4-4FB3-A373-34316A5A6C8D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{DB495831-5745-4BE7-8D4F-4FEBFA0B3E51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DEF65717-212D-4535-9FA2-9C30833D0656}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | 
"{F6CF4349-934B-4022-B1EE-993E88FAF29B}" = protocol=17 | dir=in | app=c:\users\arthur\appdata\roaming\utorrent\utorrent.exe | 
"{FCFE7CEF-A372-4AC7-9749-37CD2C3D9AD1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 67
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2F13C3-F5C2-416B-AB75-68EAA4A5BC66}" = IObit Apps Toolbar v9.6
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7137E26A-10F7-4B1C-9980-0893579E92DA}" = HP Photosmart 5520 series Help
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99DF5A53-EA8F-38FD-9D61-36F073768BB9}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe  1.8.15.1
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B58FBD4F-C69A-41C1-94AC-1A47AD946C91}" = HP Photosmart 5520 series Product Improvement Study
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEE8AFD4-907F-4BD5-B2E9-6606291415E8}_is1" = FREE Word and Excel password recovery Wizard version 2.1.15
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1" = ODT Viewer version 1.0
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files 
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E0891DC0-EC05-45F9-9959-64207AB75E6D}" = Remote Utilities - Viewer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}" = HP Photosmart 5520 series Basic Device Software
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE2D627E-D7E0-46EA-93A6-8583420285FA}" = Aeria Ignite
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.13.3296" = Aeria Ignite
"ASIO4ALL" = ASIO4ALL
"Audjoo Helix_is1" = Audjoo Helix 1.0
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Cross Fire_is1" = Cross Fire En
"DivX Setup.divx.com" = DivX Setup
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"FL Studio " = FL Studio  10.0.2
"FL Studio 10" = FL Studio 10
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Lennar Digital Sylenth VSTi v1.2.1" = Lennar Digital Sylenth VSTi v1.2.1
"Luxonix Purity VSTi_is1" = Luxonix Purity VSTi v1.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"ManyCam" = ManyCam 2.6.60 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiBit 0.5.14" = MultiBit 0.5.14
"MultiBit 0.5.17" = MultiBit 0.5.17
"Native Instruments Massive" = Native Instruments Massive
"NIS" = Norton Internet Security
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PROSet" = Intel® Network Connections Drivers
"Razer Game Booster_is1" = Razer Game Booster
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"reFX Vanguard_is1" = reFX Vanguard VSTi RTAS v1.8.0
"Rhapsody" = Rhapsody
"Soldier Front" = Soldier Front
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 9" = TeamViewer 9
"Test Drive 5" = Test Drive 5
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/22/2014 5:48:26 PM | Computer Name = Arthur-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 8/22/2014 5:48:28 PM | Computer Name = Arthur-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 8/22/2014 5:48:43 PM | Computer Name = Arthur-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 8/26/2014 11:07:39 AM | Computer Name = Arthur-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\VstPlugins\Sugar
 Bytes\Turnado\Turnado x64.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 8/26/2014 11:07:39 AM | Computer Name = Arthur-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\VstPlugins\Sugar
 Bytes\Turnado\Turnado x64.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 8/26/2014 11:47:29 AM | Computer Name = Arthur-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 8/26/2014 1:01:28 PM | Computer Name = Arthur-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\VstPlugins\Sugar
 Bytes\Turnado\Turnado x64.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 8/26/2014 1:01:28 PM | Computer Name = Arthur-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\VstPlugins\Sugar
 Bytes\Turnado\Turnado x64.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 8/26/2014 1:10:43 PM | Computer Name = Arthur-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 8/26/2014 1:10:45 PM | Computer Name = Arthur-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
[ System Events ]
Error - 8/26/2014 11:32:54 AM | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 8/26/2014 11:41:10 AM | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 8/26/2014 1:00:40 PM | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 8/26/2014 1:01:04 PM | Computer Name = Arthur-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 8/26/2014 1:01:29 PM | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 8/27/2014 8:08:46 PM | Computer Name = Arthur-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 8/27/2014 8:09:00 PM | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 8/27/2014 8:09:01 PM | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 8/28/2014 8:27:13 PM | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 8/28/2014 8:28:28 PM | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
 

Edited by kingkeef, 28 August 2014 - 07:17 PM.

  • 0

#3
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Kingkeef -

 

I assisted you here very recently. You were clean of malware. At this point if you are having slow boot issues I suggest you work with the experts in the Windows 7 forum.

 

Thank you.


  • 0

#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Kingkeef -

 

I wanted to apologize. I see that this is a completely different machine than the one I assisted you with earlier. Let's see if we can see what's going on with this one. I'll review and get back to you shortly.


  • 0

#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I reviewed the logs. Please read the information below.

 

Step#1 - Warnings

 

1. The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Person to Person) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

 

FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers

 

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

 

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): uTorrent

 

 

Pando Media Booster Advice:

I see you have Pando Media Booster installed, maybe intentionally and/or it came with one of your installed games, for example. Technically this type of software is based upon peer to peer technology and you can never really be sure that what it is purportedly downloading is always safe. Plus it does not always make that much of an improvement with downloading.

My friendly advice is if you do not really use it, merely uninstall. However this is your choice to do so or not and at the end of the day I respect whomever I assist with what they wish to have installed on their respective machines.

 

 

2. CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

 

3. Low Memory

Your computer only has 2GB of memory. Based on what you have running on your computer it isn't enough to run efficiently. For example following are some programs you have installed and what their memory requirements are.

 

Vista Home Premium -  1 GB

Norton Internet Security - 256 MB

Google Chrome - 512 MB

Razer Game Booster - 256 MB

Malwarebytes - 1GB

 

As you can see you are already over the 2 GB limit (1000 MB = 1 GB) and that's not all that you have installed. If you don't need Razer Game Booster I suggest you uninstall it since it starts up with your computer and would contribute to the total boot time. Also, since you are done running your Malwarebytes scans please uninstall this software as well since it's an older version. We will install a newer version if we use it later.

 

Lastly, Windows Vista doesn't manage memory as well as Windows 7/8 so you may want to consider upgrading your memory to 4GB as 2GB is simply not enough. You can determine what you need to purchase by going to Crucial.

 

4. Windows Defender Conflict

Windows Defender is currently enabled. It shouldn't be since you have Norton Internet Security as they can conflict and contribute to slow boots of the computer. If you know how to disable this service please do and let me know. If not I'll include this in the fix I provide so again please let me know if you are able to do this.

 

Step#2 - Questions

 

Before I provide a fix I need answers to a few questions.

  1. Are you aware of a proxy being set on your computer? If you don't know what this is then it's likely the answer will be no.
  2. Are you intentionally blocking the website roblox.com?
  3. Do you use Teamviewer?

 

Step#3 - Removals

  1. Please uninstall IObit Apps Toolbar v9.6 from Programs/Features in your control panel.

 

Thank you.


  • 0

#6
kingkeef

    Member

  • Topic Starter
  • 29 posts

1. I will remove uTorrent in the very near future. I removed Pando Media Booster, CCleaner, MBAM, and Razer Game Booster. It already says that Windows Defender is disabled... I won't touch this.

 

2. No proxy.. but I believe I may have a VPN .. Yes I am intentionally blocking that website.. and yes I occasionally use TV.

 

3. It gives me an error when uninstalling that.. 

Attached Thumbnails

  • Error.png

Edited by kingkeef, 31 August 2014 - 10:02 AM.

  • 0

#7
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, thank you for the information. Please follow the instructions below.

 

Step#1 - OTL Fix

1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.

:Commands
[CreateRestorePoint]

 

:OTL
SRV - [2013/12/02 11:58:48 | 002,151,232 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 190.75.135.155:8080
FF - prefs.js..extensions.enabledAddons: [email protected]:2.8
FF - prefs.js..extensions.enabledAddons: {58d2a791-6199-482f-a9aa-9b725ec61362}:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:8.9
FF - prefs.js..network.proxy.backup.ftp: "118.97.20.221"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "118.97.20.221"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "118.97.20.221"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "202.137.11.185"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "202.137.11.185"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "202.137.11.185"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "202.137.11.185"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Arthur\AppData\Local\Roblox\Versions\version-38d9c3e04e394773\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\ARTHUR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OCT94GGB.DEFAULT\EXTENSIONS\{58D2A791-6199-482F-A9AA-9B725EC61362}
File not found (No name found) -- C:\USERS\ARTHUR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OCT94GGB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\ARTHUR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OCT94GGB.DEFAULT\EXTENSIONS\[email protected]
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - default_search_provider: B240397A4E413C30736B3E768AE2D9C59F3207FDC220EA1DDEA3736242AB1E5A (Enabled)
CHR - default_search_provider: search_url = D1B21049CEB6775166DCBD5302E8E15CA83A362C008C9D8E8EE5FC6BB5A06066
CHR - homepage: 8CDC176E27673E20329BB26F5E6BDB3E16E996ECC866B8683625D7CFAD327A60
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll File not found
O4 - HKLM..\Run: []  File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

 

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A2F13C3-F5C2-416B-AB75-68EAA4A5BC66}]

 

:Files
C:\Program Files\IObit
C:\Users\Arthur\AppData\Roaming\IObit

netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

 

:Commands
[EmptyTemp]

 

 

 

3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

Step#2 - Rootkit check

1. Download aswMBR to your desktop.
2. Double click the aswMBR.exe to run it.

3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Don't delete it.

 

Step#3 - Verify your Logs

You mentioned you ran AdwCleaner already. Would you mind posting the contents of that log?

You can find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt or named something very similar.

 

 

Step#4- FRST Log

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the 32-bit Version so please ensure you download that one.

2. Right click and select Run as administrator. When the tool opens click Yes to disclaimer.

3. Press Scan button.

4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop)

5. Please copy and paste log back here.

6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Step#5 - How is your boot time now?

Any better?

 

  

 

Items for your next post

1. OTL Fix log

2. aswMBR log

3. AdwCleaner log

4. Contents of the FRST and Additions logs

5. How's your boot time?


  • 0
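The proxy entries listed in the OTL fix above (the IE "ProxyServer" value and the Firefox network.proxy.* prefs) can also be pulled out of a scan log and reviewed programmatically. The Python below is an added example, not part of the original post or of OTL; the function names and the sample lines (which use documentation-range addresses) are constructed for illustration, and it assumes the `IE - ...` and `FF - prefs.js..` line formats shown in that fix.

```python
import re

# Constructed sample in the OTL line format quoted in the fix above.
# Addresses come from the RFC 5737 documentation ranges, not from the thread.
SAMPLE_OTL_LINES = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {00000000-0000-0000-0000-000000000000}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.0.2.10:8080
FF - prefs.js..extensions.enabledAddons: {11111111-1111-1111-1111-111111111111}:1.0
FF - prefs.js..network.proxy.backup.ssl: "203.0.113.5"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.http: "198.51.100.7"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.ssl: "198.51.100.7"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1
""".strip().splitlines()

# IE/WinINET proxy value as OTL prints it for either registry hive.
IE_PROXY = re.compile(
    r'^IE - (HKLM|HKCU)\\.*Internet Settings: "ProxyServer" = (.+)$')
# Any Firefox network.proxy.* pref; string values are quoted, numbers are not.
FF_PREF = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.([\w.]+): "?([^"]*)"?$')

PROTOCOLS = ("http", "ssl", "ftp", "socks")


def parse_proxy_lines(lines):
    """Return ([(hive, endpoint)], {firefox_pref: value}) from OTL scan lines."""
    ie, ff = [], {}
    for raw in lines:
        line = raw.strip()
        m = IE_PROXY.match(line)
        if m:
            ie.append((m.group(1), m.group(2).strip()))
            continue
        m = FF_PREF.match(line)
        if m:
            ff[m.group(1)] = m.group(2)
    return ie, ff


def proxy_findings(lines, allowed=frozenset()):
    """List (source, endpoint, active) for every proxy endpoint in the log.

    active is True when Firefox is set to manual proxy mode
    (network.proxy.type == 1), False for stored-but-unused values
    (other modes, and the network.proxy.backup.* copies), and None for
    IE, where use depends on ProxyEnable, which is not in the input.
    Endpoints in `allowed` (host:port strings the user recognises)
    are dropped from the result.
    """
    ie, ff = parse_proxy_lines(lines)
    findings = [("ie:" + hive, endpoint, None) for hive, endpoint in ie]

    manual = ff.get("type") == "1"
    for prefix, live in (("", manual), ("backup.", False)):
        for proto in PROTOCOLS:
            host = ff.get(prefix + proto)
            if not host:
                continue
            port = ff.get(prefix + proto + "_port", "?")
            findings.append(("firefox:" + prefix + proto,
                             "%s:%s" % (host, port), live))
    return [f for f in findings if f[1] not in allowed]


if __name__ == "__main__":
    for source, endpoint, active in proxy_findings(SAMPLE_OTL_LINES):
        state = {True: "ACTIVE", False: "stored", None: "check ProxyEnable"}[active]
        print("%-20s %-22s %s" % (source, endpoint, state))
```

Any endpoint reported here that the machine's owner does not recognise is worth asking about before removal, which is what the proxy question in the earlier reply does.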

#8
kingkeef

    Member

  • Topic Starter
  • 29 posts

1. All processes killed

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service LiveUpdateSvc stopped successfully!
Service LiveUpdateSvc deleted successfully!
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: [email protected]:2.8 removed from extensions.enabledAddons
Prefs.js: {58d2a791-6199-482f-a9aa-9b725ec61362}:1.0 removed from extensions.enabledAddons
Prefs.js: [email protected]:1.0 removed from extensions.enabledAddons
Prefs.js: [email protected]:8.9 removed from extensions.enabledAddons
Prefs.js: "118.97.20.221" removed from network.proxy.backup.ftp
Prefs.js: 3128 removed from network.proxy.backup.ftp_port
Prefs.js: "118.97.20.221" removed from network.proxy.backup.socks
Prefs.js: 3128 removed from network.proxy.backup.socks_port
Prefs.js: "118.97.20.221" removed from network.proxy.backup.ssl
Prefs.js: 3128 removed from network.proxy.backup.ssl_port
Prefs.js: "202.137.11.185" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "202.137.11.185" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "202.137.11.185" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "202.137.11.185" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@nsroblox.roblox.com/launcher\ deleted successfully.
File move failed. C:\Users\Arthur\AppData\Local\Roblox\Versions\version-38d9c3e04e394773\\NPRobloxProxy.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aeriagames.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aeriagames.com\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A2F13C3-F5C2-416B-AB75-68EAA4A5BC66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2F13C3-F5C2-416B-AB75-68EAA4A5BC66}\ not found.
========== FILES ==========
C:\Program Files\IObit\Surfing Protection\Update folder moved successfully.
C:\Program Files\IObit\Surfing Protection\Database folder moved successfully.
C:\Program Files\IObit\Surfing Protection\BrowerProtect folder moved successfully.
C:\Program Files\IObit\Surfing Protection folder moved successfully.
C:\Program Files\IObit\LiveUpdate\update\Uninstaller folder moved successfully.
C:\Program Files\IObit\LiveUpdate\update\Surfing Protection\Database folder moved successfully.
C:\Program Files\IObit\LiveUpdate\update\Surfing Protection folder moved successfully.
C:\Program Files\IObit\LiveUpdate\update\ASCandU folder moved successfully.
C:\Program Files\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files\IObit\LiveUpdate folder moved successfully.
C:\Program Files\IObit\IObit Uninstaller folder moved successfully.
C:\Program Files\IObit\Game Booster 3\Update folder moved successfully.
C:\Program Files\IObit\Game Booster 3\LatestNews folder moved successfully.
C:\Program Files\IObit\Game Booster 3 folder moved successfully.
C:\Program Files\IObit\Game Booster\Update folder moved successfully.
C:\Program Files\IObit\Game Booster\LatestNews folder moved successfully.
C:\Program Files\IObit\Game Booster\Downloadpath folder moved successfully.
C:\Program Files\IObit\Game Booster folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Temp folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Database folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\BootTimeLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCServiceLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Antivirus\Scan folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Antivirus\Plugins folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Antivirus\BackupRec folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Antivirus folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare Ultimate 7 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Update\Database folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Toolbox_Download folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Toolbar folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BootTimeLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\ASCServiceLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\BootTimeLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\ASCServiceLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5 folder moved successfully.
C:\Program Files\IObit folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Game Booster folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Driver Booster\License folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V6\SmartRAM folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Arthur\AppData\Roaming\IObit folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Arthur\Desktop\cmd.bat deleted successfully.
C:\Users\Arthur\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Arthur\Desktop\cmd.bat deleted successfully.
C:\Users\Arthur\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Arthur
->Temp folder emptied: 154927623 bytes
->Temporary Internet Files folder emptied: 7051217 bytes
->Java cache emptied: 5105294 bytes
->FireFox cache emptied: 48180287 bytes
->Google Chrome cache emptied: 368886500 bytes
->Flash cache emptied: 683 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 296558362 bytes
RecycleBin emptied: 32980903 bytes
 
Total Files Cleaned = 871.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08312014_224002
 
Files\Folders moved on Reboot...
File\Folder C:\Users\Arthur\AppData\Local\Roblox\Versions\version-38d9c3e04e394773\\NPRobloxProxy.dll not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#9
kingkeef

    Member

  • Topic Starter
  • 29 posts
Lol during the aswMBR scan my Norton Auto-Protect detected a Trojan.Gen in a .dll which was removed (it seems this was a fake .dll file downloaded from a fake website)

Other scans will be complete tomorrow

Edited by kingkeef, 31 August 2014 - 10:56 PM.

  • 0

#10
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I should have told you to disable Norton's real-time protection while you ran the aswMBR scan. If you have issues running it please do that. Thank you.


  • 0


#11
kingkeef

    Member

  • Topic Starter
  • 29 posts
2.

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-01 09:49:44
-----------------------------
09:49:44.184    OS Version: Windows 6.0.6002 Service Pack 2
09:49:44.184    Number of processors: 2 586 0xF0D
09:49:44.185    ComputerName: ARTHUR-PC  UserName: Arthur
09:50:01.303    Initialize success
09:50:01.629    VM: initialized successfully
09:50:01.674    VM: Intel CPU virtualization not supported 
09:50:52.416    AVAST engine defs: 14083101
09:51:05.451    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:51:05.454    Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 3
09:51:06.204    Disk 0 MBR read successfully
09:51:06.207    Disk 0 MBR scan
09:51:06.249    Disk 0 unknown MBR code
09:51:06.299    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       296221 MB offset 63
09:51:06.341    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         9020 MB offset 606662595
09:51:06.386    Disk 0 scanning sectors +625137345
09:51:07.170    Disk 0 scanning C:\Windows\system32\drivers
09:51:34.157    Service scanning
09:51:36.907    Service BHDrvx86 C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx86.sys **LOCKED** 5
09:51:37.910    Service ccSet_NIS C:\Windows\system32\drivers\NIS\1505000.013\ccSetx86.sys **LOCKED** 5
09:51:45.086    Service IDSVix86 C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20140829.001\IDSvix86.sys **LOCKED** 5
09:51:54.871    Service NAVENG C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140831.001\NAVENG.SYS **LOCKED** 5
09:51:55.120    Service NAVEX15 C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140831.001\NAVEX15.SYS **LOCKED** 5
09:52:03.594    Service SRTSPX C:\Windows\system32\drivers\NIS\1505000.013\SRTSPX.SYS **LOCKED** 5
09:52:04.738    Service SymDS C:\Windows\system32\drivers\NIS\1505000.013\SYMDS.SYS **LOCKED** 5
09:52:04.980    Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
09:52:05.147    Service SymIRON C:\Windows\system32\drivers\NIS\1505000.013\Ironx86.SYS **LOCKED** 5
09:52:05.219    Service SYMTDIv C:\Windows\System32\Drivers\NIS\1505000.013\SYMTDIV.SYS **LOCKED** 5
09:52:13.663    Modules scanning
09:52:52.790    Disk 0 trace - called modules:
09:52:52.804    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
09:52:52.812    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86817968]
09:52:52.820    3 CLASSPNP.SYS[88dac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84c74030]
09:52:54.237    AVAST engine scan C:\Windows
09:53:02.628    AVAST engine scan C:\Windows\system32
09:59:41.180    AVAST engine scan C:\Windows\system32\drivers
10:00:07.641    AVAST engine scan C:\Users\Arthur
10:51:52.309    AVAST engine scan C:\ProgramData
11:06:15.007    Scan finished successfully
11:08:11.415    Disk 0 MBR has been saved successfully to "C:\Users\Arthur\Desktop\MBR.dat"
11:08:11.423    The log file has been saved successfully to "C:\Users\Arthur\Desktop\aswMBR.txt"
 
 
3.

 
# AdwCleaner v3.308 - Report created 22/08/2014 at 17:32:02
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Arthur - ARTHUR-PC
# Running from : C:\Users\Arthur\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\IObit Apps Toolbar
Folder Deleted : C:\Program Files\Skillbrains
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\Arthur\AppData\Local\Skillbrains
Folder Deleted : C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\Conduit
Folder Deleted : C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
File Deleted : C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\Extensions\[email protected]
File Deleted : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
[x] Not Deleted : update-sys
[x] Not Deleted : update-S-1-5-21-2954682461-3353532526-1526713206-1000
[x] Not Deleted : update-sys
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [LightShot]
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SkillBrains
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\SkillBrains
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v13.0.1 (en-US)
 
[ File : C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\prefs.js ]
 
Line Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Nov 07 2011 19:57:18 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "18-7-2012");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Tue Jul 17 2012 21:33:13 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 205);
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sat Feb 05 2011 18:07:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "6-2-2011");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://google.com/");
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Sat Feb 05 2011 16:53:02 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Jul 17 2012 21:33:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LastLogin_3.12.0.7", "Mon Jun 18 2012 18:14:15 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Tue Jul 17 2012 21:33:10 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.2.5.2", "Sun Mar 20 2011 21:32:34 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Sat Nov 05 2011 19:41:22 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Sun Jan 01 2012 16:47:02 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Sun Apr 22 2012 15:46:09 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.13.0.6");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Jul 17 2012 21:33:10 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Jul 17 2012 21:33:10 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Jul 17 2012 21:33:09 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1340118047");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Jul 17 2012 21:33:09 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2786678.UserID", "UN18793852766269226");
Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Sat Feb 05 2011 18:07:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "F");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Line Deleted : user_pref("CT2786678.components.1000034", false);
Line Deleted : user_pref("CT2786678.components.1000234", false);
Line Deleted : user_pref("CT2786678.components.129295698017012804", false);
Line Deleted : user_pref("CT2786678.components.129298376496232218", false);
Line Deleted : user_pref("CT2786678.components.129309485163350924", false);
Line Deleted : user_pref("CT2786678.components.129309489763975460", false);
Line Deleted : user_pref("CT2786678.components.129315411424256896", false);
Line Deleted : user_pref("CT2786678.components.5690698542593514850", false);
Line Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Tue Jul 17 2012 21:33:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.initDone", true);
Line Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129789450454597254,1000034,129526967958500204,129309489763975460,5690698542593514850,129309485163350924,12931541142425[...]
Line Deleted : user_pref("CT2786678.revertSettingsEnabled", false);
Line Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Jul 17 2012 21:33:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Tue Jul 17 2012 21:33:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"54c6f2799b3bb5aa6150c9cd1aef83e82\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1334471445\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:14f1\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"6a637346d78ccc1:1254\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"0d648794549cd1:1462\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0ee90707f77cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"5a3bfb736bf65ca0cca630a3f0917948\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=CT2786678", "\"1321973053\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1311517341\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634432176643630000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"2292e5c1512a30b86b91a7e3313d799f\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Arthur\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\oct94ggb.default\\conduitCommon\\modules\\3.13.0.6");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ff");
Line Deleted : user_pref("extensions.enabledItems", "{BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2,{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.2.3,{20a82645-c095-46ed-80e3-08825760534b}:1.1,[email protected]:3.3.3.2[...]
Line Deleted : user_pref("startpage.ntsearch_url", "hxxp://search.yahoo.com/search?ei=utf-8&fr=spigot-nt-ff&type=0&ilc=12&p={searchTerms}");
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
Deleted [Extension] : pmlghpafmmnmmkjdhacccolfgnkiboco
 
*************************
 
AdwCleaner[R0].txt - [26217 octets] - [22/08/2014 17:22:49]
AdwCleaner[S0].txt - [26561 octets] - [22/08/2014 17:32:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26622 octets] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by Arthur (administrator) on ARTHUR-PC on 01-09-2014 11:15:20
Running from C:\Users\Arthur\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\WINDOWS\System32\schtasks.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Akamai Technologies, Inc.) C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Skillbrains) C:\Users\Arthur\AppData\Local\Skillbrains\lightshot\5.1.4.6\Lightshot.exe
(Akamai Technologies, Inc.) C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2014-01-22] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2008-06-02] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-04-03] (soft thinks)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2954682461-3353532526-1526713206-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2954682461-3353532526-1526713206-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2954682461-3353532526-1526713206-1000\...\Run: [LightShot] => C:\Users\Arthur\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-2954682461-3353532526-1526713206-1000\...\MountPoints2: J - J:\LaunchU3.exe -a
HKU\S-1-5-21-2954682461-3353532526-1526713206-1000\...\MountPoints2: {aa4d64e3-960b-11e0-8bbb-001d6072e52c} - F:\LaunchU3.exe -a
Startup: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {B8D1CD51-7BF1-46C4-8AB3-FF188CFDC9E8} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM - {F19C2718-2571-4319-807E-80B00C0057DD} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {71B9D90B-4333-473A-ACEA-544A21CBBDC2} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {B8D1CD51-7BF1-46C4-8AB3-FF188CFDC9E8} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {BA56C4A6-3FEB-4774-BB3C-7FF707BEB11E} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {F19C2718-2571-4319-807E-80B00C0057DD} URL = http://www.ask.com/w...}&l=dis&o=ushpd
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {63BCF187-B6FC-478D-9CD3-0A416995A59C} http://wsm.wayi.com....ientATXCtrl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://ec2-174-129-1...eivers/FMSI.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", ""
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", ""
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", ""
FF NetworkProxy: "ftp", ""
FF NetworkProxy: "ftp_port", ""
FF NetworkProxy: "http", ""
FF NetworkProxy: "http_port", ""
FF NetworkProxy: "share_proxy_settings", ""
FF NetworkProxy: "socks", ""
FF NetworkProxy: "socks_port", ""
FF NetworkProxy: "ssl", ""
FF NetworkProxy: "ssl_port", ""
FF NetworkProxy: "type", ""
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Arthur\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\searchplugins\yahoo_ff.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\oct94ggb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-01-04]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-09-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-28]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-31]
FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.28\coFFFw
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-08-26]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> 43378B18F170AFA78B97629211C952C6B336B8C0405B933F9B2A16ADA9C8C5D8
CHR DefaultSearchURL: Default -> D1B21049CEB6775166DCBD5302E8E15CA83A362C008C9D8E8EE5FC6BB5A06066
CHR CustomProfile: C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Tampermonkey) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-17]
CHR Extension: (AdBlock) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-11-20]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2012-09-27]
CHR Extension: (HF Script - HF Post Helper) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jogmnmcfegjicllgiddhmbbbhfgpbpbf [2012-10-11]
CHR Extension: (Qmee) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2014-03-20]
CHR Extension: (Hack Forums Ban reason on profile) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mefpgdcjkcgkgngidncefmnphmjfacja [2013-12-17]
CHR Extension: (HF Scripts - Scammer Warning) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnlophkmnjdlhjmkcekckmangkgkain [2012-07-30]
CHR Extension: (Google Wallet) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-07-31]
CHR Extension: (4chan Plus) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2012-02-29]
CHR Extension: (Gmail) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-26]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3918216 2010-11-23] (INCA Internet Co., Ltd.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [250072 2014-01-22] (Realtek Semiconductor)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx86.sys [1138480 2014-08-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1505000.013\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-08] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20140829.001\IDSvix86.sys [476888 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140831.022\NAVENG.SYS [95704 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140831.022\NAVEX15.SYS [1636696 2014-08-11] (Symantec Corporation)
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1505000.013\SRTSP.SYS [664280 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1505000.013\SRTSPX.SYS [32344 2014-07-23] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1505000.013\SYMDS.SYS [367704 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1505000.013\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-08-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1505000.013\Ironx86.SYS [206936 2014-07-23] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1505000.013\SYMTDIV.SYS [384728 2014-07-23] (Symantec Corporation)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2010-02-08] (Texas Instruments Incorporated) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 XDva384; \??\C:\Windows\system32\XDva384.sys [X]
S3 XDva385; \??\C:\Windows\system32\XDva385.sys [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
S3 XDva406; \??\C:\Windows\system32\XDva406.sys [X]
S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U3 aswMBR; \??\C:\Users\Arthur\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Arthur\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 11:15 - 2014-09-01 11:20 - 00023302 _____ () C:\Users\Arthur\Desktop\FRST.txt
2014-09-01 11:14 - 2014-09-01 11:15 - 00000000 ____D () C:\FRST
2014-09-01 11:13 - 2014-09-01 11:13 - 01096704 _____ (Farbar) C:\Users\Arthur\Downloads\FRST.exe
2014-09-01 11:13 - 2014-09-01 11:13 - 01096704 _____ (Farbar) C:\Users\Arthur\Desktop\FRST.exe
2014-09-01 11:08 - 2014-09-01 11:08 - 00003150 _____ () C:\Users\Arthur\Desktop\aswMBR.txt
2014-09-01 11:08 - 2014-09-01 11:08 - 00000512 _____ () C:\Users\Arthur\Desktop\MBR.dat
2014-08-31 22:48 - 2014-08-31 22:48 - 05185536 _____ (AVAST Software) C:\Users\Arthur\Downloads\aswMBR.exe
2014-08-31 22:48 - 2014-08-31 22:48 - 05185536 _____ (AVAST Software) C:\Users\Arthur\Desktop\aswMBR.exe
2014-08-31 22:40 - 2014-08-31 22:40 - 00000000 ____D () C:\_OTL
2014-08-31 22:29 - 2014-08-31 22:29 - 00000000 ____D () C:\Users\Arthur\Documents\Lightshot
2014-08-31 11:56 - 2014-08-31 11:56 - 00231760 _____ () C:\Users\Arthur\Downloads\CrucialScan.exe
2014-08-31 11:55 - 2014-08-31 11:55 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Skillbrains
2014-08-31 11:55 - 2014-08-31 11:55 - 00000000 ____D () C:\Program Files\Skillbrains
2014-08-31 11:52 - 2014-08-31 11:53 - 02273984 _____ (Skillbrains ) C:\Users\Arthur\Downloads\setup-lightshot (3).exe
2014-08-29 11:22 - 2014-08-29 11:23 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Akamai
2014-08-28 21:14 - 2014-08-28 21:14 - 00087120 _____ () C:\Users\Arthur\Downloads\OTL.Txt
2014-08-28 21:14 - 2014-08-28 21:14 - 00054866 _____ () C:\Users\Arthur\Downloads\Extras.Txt
2014-08-28 20:33 - 2014-08-28 20:33 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Desktop\OTL.exe
2014-08-28 00:13 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 00:13 - 2014-08-22 19:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 13:04 - 2014-08-26 13:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-22 18:15 - 2014-08-22 18:15 - 00000000 ____D () C:\3522ebabf596f83325ebc3881962
2014-08-22 18:11 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-22 18:11 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-22 18:11 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-22 18:10 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-22 17:53 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-22 17:52 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-22 17:52 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-22 17:52 - 2013-10-08 08:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-22 17:50 - 2014-08-22 17:52 - 00002200 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-22 17:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-22 17:21 - 2014-08-22 17:32 - 00000000 ____D () C:\AdwCleaner
2014-08-22 17:15 - 2014-08-22 17:15 - 00046682 _____ () C:\Users\Arthur\Desktop\JRT.txt
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 16:54 - 2014-07-24 14:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-22 16:54 - 2014-07-24 13:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-22 16:54 - 2014-07-24 13:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-22 16:54 - 2014-07-24 13:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-22 16:54 - 2014-07-24 13:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-22 16:54 - 2014-07-24 13:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-22 16:54 - 2014-07-24 13:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-22 16:54 - 2014-07-24 13:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-22 16:54 - 2014-07-24 13:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-22 16:54 - 2014-07-24 13:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-22 16:54 - 2014-07-24 13:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-22 16:54 - 2014-07-24 13:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-22 16:54 - 2014-07-24 13:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-22 16:54 - 2014-07-24 13:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-22 16:54 - 2014-07-24 13:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-22 16:54 - 2014-07-24 13:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-22 16:54 - 2014-07-24 13:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-22 16:54 - 2014-07-24 13:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-22 16:54 - 2014-07-24 13:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-22 16:54 - 2014-07-24 13:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-22 16:54 - 2014-07-24 13:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-22 16:54 - 2014-07-07 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-22 16:54 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-22 16:54 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-22 16:54 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-22 16:54 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-22 16:54 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-22 16:54 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-22 16:54 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-22 16:39 - 2014-08-22 16:39 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT (1).exe
2014-08-22 16:39 - 2014-08-22 16:39 - 01016261 _____ (Thisisu) C:\Users\Arthur\Desktop\JRT (1).exe
2014-08-22 16:38 - 2014-08-22 16:38 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 11:20 - 2014-09-01 11:15 - 00023302 _____ () C:\Users\Arthur\Desktop\FRST.txt
2014-09-01 11:15 - 2014-09-01 11:14 - 00000000 ____D () C:\FRST
2014-09-01 11:14 - 2013-04-17 16:27 - 00000378 _____ () C:\Windows\Tasks\update-S-1-5-21-2954682461-3353532526-1526713206-1000.job
2014-09-01 11:13 - 2014-09-01 11:13 - 01096704 _____ (Farbar) C:\Users\Arthur\Downloads\FRST.exe
2014-09-01 11:13 - 2014-09-01 11:13 - 01096704 _____ (Farbar) C:\Users\Arthur\Desktop\FRST.exe
2014-09-01 11:08 - 2014-09-01 11:08 - 00003150 _____ () C:\Users\Arthur\Desktop\aswMBR.txt
2014-09-01 11:08 - 2014-09-01 11:08 - 00000512 _____ () C:\Users\Arthur\Desktop\MBR.dat
2014-09-01 11:07 - 2011-07-31 18:54 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 09:58 - 2013-03-04 19:53 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000UA.job
2014-09-01 09:50 - 2010-12-28 01:30 - 01293493 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 09:43 - 2007-09-15 18:14 - 00000000 ____D () C:\Windows\SMINST
2014-09-01 09:42 - 2011-07-31 18:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 09:42 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 09:42 - 2006-11-02 08:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 09:42 - 2006-11-02 08:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 23:56 - 2006-11-02 09:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-31 22:48 - 2014-08-31 22:48 - 05185536 _____ (AVAST Software) C:\Users\Arthur\Downloads\aswMBR.exe
2014-08-31 22:48 - 2014-08-31 22:48 - 05185536 _____ (AVAST Software) C:\Users\Arthur\Desktop\aswMBR.exe
2014-08-31 22:40 - 2014-08-31 22:40 - 00000000 ____D () C:\_OTL
2014-08-31 22:29 - 2014-08-31 22:29 - 00000000 ____D () C:\Users\Arthur\Documents\Lightshot
2014-08-31 22:17 - 2010-12-28 11:01 - 00000000 ____D () C:\Program Files\Pando Networks
2014-08-31 12:01 - 2013-04-17 16:27 - 00000378 _____ () C:\Windows\Tasks\update-sys.job
2014-08-31 11:56 - 2014-08-31 11:56 - 00231760 _____ () C:\Users\Arthur\Downloads\CrucialScan.exe
2014-08-31 11:55 - 2014-08-31 11:55 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Skillbrains
2014-08-31 11:55 - 2014-08-31 11:55 - 00000000 ____D () C:\Program Files\Skillbrains
2014-08-31 11:55 - 2013-04-29 19:13 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2014-08-31 11:55 - 2013-04-17 16:27 - 00000438 _____ () C:\Users\Arthur\AppData\Local\UserProducts.xml
2014-08-31 11:53 - 2014-08-31 11:52 - 02273984 _____ (Skillbrains ) C:\Users\Arthur\Downloads\setup-lightshot (3).exe
2014-08-31 11:52 - 2013-12-11 18:47 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer
2014-08-31 11:52 - 2013-12-11 18:46 - 00000000 ____D () C:\ProgramData\Razer
2014-08-31 11:52 - 2013-12-11 18:46 - 00000000 ____D () C:\Program Files\Razer
2014-08-31 11:46 - 2014-01-07 20:13 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-29 11:23 - 2014-08-29 11:22 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Akamai
2014-08-28 21:14 - 2014-08-28 21:14 - 00087120 _____ () C:\Users\Arthur\Downloads\OTL.Txt
2014-08-28 21:14 - 2014-08-28 21:14 - 00054866 _____ () C:\Users\Arthur\Downloads\Extras.Txt
2014-08-28 20:33 - 2014-08-28 20:33 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Desktop\OTL.exe
2014-08-28 20:26 - 2006-11-02 08:47 - 00441160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 20:33 - 2007-09-15 18:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-27 20:07 - 2014-06-27 12:41 - 00007498 _____ () C:\Windows\PFRO.log
2014-08-26 18:58 - 2013-03-04 19:53 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000Core.job
2014-08-26 13:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-26 13:10 - 2010-12-27 23:08 - 00000000 ____D () C:\ProgramData\Norton
2014-08-26 13:04 - 2014-08-26 13:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-26 13:04 - 2010-12-27 23:09 - 00002215 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-26 13:04 - 2010-12-27 23:09 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-08-26 12:54 - 2010-12-27 23:09 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2014-08-26 12:54 - 2010-12-27 23:09 - 00008194 _____ () C:\Windows\system32\Drivers\SYMEVENT.CAT
2014-08-26 12:53 - 2010-12-27 23:08 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-08-26 12:46 - 2011-09-10 18:59 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-08-26 12:14 - 2013-11-12 21:06 - 00000000 ____D () C:\Users\Arthur\Desktop\Belts
2014-08-26 11:56 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-08-26 11:36 - 2013-10-28 17:51 - 00000000 ____D () C:\Program Files\Youtube Movie Maker
2014-08-26 11:23 - 2013-04-02 15:23 - 00000000 ____D () C:\Program Files\Litecoin
2014-08-26 11:21 - 2006-11-02 06:33 - 00851378 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 11:20 - 2010-12-27 22:38 - 00000000 ____D () C:\Users\Arthur
2014-08-22 21:03 - 2014-08-28 00:13 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:26 - 2014-08-28 00:13 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:15 - 2014-08-22 18:15 - 00000000 ____D () C:\3522ebabf596f83325ebc3881962
2014-08-22 18:15 - 2013-07-18 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-22 18:15 - 2006-11-02 06:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-22 18:02 - 2013-09-21 18:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-22 17:55 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-22 17:53 - 2007-09-15 17:57 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-22 17:52 - 2014-08-22 17:50 - 00002200 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-22 17:52 - 2007-09-15 17:57 - 00000000 ____D () C:\Program Files\Java
2014-08-22 17:32 - 2014-08-22 17:21 - 00000000 ____D () C:\AdwCleaner
2014-08-22 17:24 - 2014-06-12 22:36 - 00000000 ____D () C:\Users\Arthur\Desktop\ARTHUR JOB STUFF
2014-08-22 17:15 - 2014-08-22 17:15 - 00046682 _____ () C:\Users\Arthur\Desktop\JRT.txt
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 16:39 - 2014-08-22 16:39 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT (1).exe
2014-08-22 16:39 - 2014-08-22 16:39 - 01016261 _____ (Thisisu) C:\Users\Arthur\Desktop\JRT (1).exe
2014-08-22 16:38 - 2014-08-22 16:38 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-01 09:58
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by Arthur at 2014-09-01 11:21:39
Running from C:\Users\Arthur\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Aeria Ignite (HKLM\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audjoo Helix 1.0 (HKLM\...\Audjoo Helix_is1) (Version:  - )
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
c5200_Help (Version: 90.0.189.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cross Fire En (HKLM\...\Cross Fire_is1) (Version:  - Z8Games.com)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.15 - DivX, LLC)
Edirol HQ Orchestral VSTi v1.03 (HKLM\...\Edirol HQ Orchestral VSTi v1.03) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (Version: 90.0.146.000 - Hewlett-Packard) Hidden
FL Studio  10.0.2 (HKLM\...\FL Studio ) (Version: 10.0.2 - )
FL Studio 10 (HKLM\...\FL Studio 10) (Version:  - Image-Line)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
Fraps (HKLM\...\Fraps) (Version:  - )
FREE Word and Excel password recovery Wizard version 2.1.15 (HKLM\...\{BEE8AFD4-907F-4BD5-B2E9-6606291415E8}_is1) (Version: 2.1.15 - FREE Password Recovery Software)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4558.05 - PC-Doctor, Inc.)
HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Active Support Library 32 bit components (Version: 2.1.0 - Hewlett-Packard) Hidden
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.2.0.2296 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.2.0.2304 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{B58FBD4F-C69A-41C1-94AC-1A47AD946C91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Lennar Digital Sylenth VSTi v1.2.1 (HKLM\...\Lennar Digital Sylenth VSTi v1.2.1) (Version:  - )
LightScribe  1.8.15.1 (Version: 1.8.15.1 - http://www.lightscribe.com) Hidden
Lightshot-5.1.4.6 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.6 - Skillbrains)
Luxonix Purity VSTi v1.1.2 (HKLM\...\Luxonix Purity VSTi_is1) (Version:  - )
ManyCam 2.6.60 (remove only) (HKLM\...\ManyCam) (Version: 2.6.60 - ManyCam LLC)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.50706 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 13.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 13.0.1 (x86 en-US)) (Version: 13.0.1 - Mozilla)
Mozilla Firefox 4.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 4.0.1 (x86 en-US)) (Version: 4.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
MSRedist (Version: 9.0.30729.4148 - Symantec Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.14 (HKLM\...\MultiBit 0.5.14) (Version: 0.5.14 - )
MultiBit 0.5.17 (HKLM\...\MultiBit 0.5.17) (Version: 0.5.17 - )
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1804 - WildTangent)
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Massive (Version: 1.2.1.1989 - Native Instruments) Hidden
Norton Internet Security (HKLM\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
ODT Viewer version 1.0 (HKLM\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
ooVoo (HKLM\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.0.7023 - ooVoo LLC.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
REACTOR (HKLM\...\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}) (Version: 1.00.0000 - ijji)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM\...\reFX Nexus_is1) (Version:  - )
reFX Vanguard VSTi RTAS v1.8.0 (HKLM\...\reFX Vanguard_is1) (Version:  - )
Remote Utilities - Viewer (HKLM\...\{E0891DC0-EC05-45F9-9959-64207AB75E6D}) (Version: 5.255.3000 - Usoris Systems LLC)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.572 - Roxio)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12114_1 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12114_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Soldier Front (HKLM\...\Soldier Front) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.8.8.348.ge445f5b9 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab for Intel (HKLM\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Test Drive 5 (HKLM\...\Test Drive 5) (Version:  - Accolade)
TI Connect 1.6 (HKLM\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6 - Texas Instruments Inc)
Tone2 Gladiator VSTi v2.2 (HKLM\...\Tone2 Gladiator VSTi_is1) (Version:  - )
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.31 - WildTangent)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Arthur\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Arthur\AppData\Local\Roblox\Versions\version-38d9c3e04e394773\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Arthur\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2954682461-3353532526-1526713206-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Arthur\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
==================== Restore Points  =========================
 
29-08-2014 03:32:37 Scheduled Checkpoint
29-08-2014 18:41:16 Scheduled Checkpoint
31-08-2014 15:58:35 Removed IObit Apps Toolbar v9.6.
01-09-2014 02:40:19 OTL Restore Point - 8/31/2014 10:40:18 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-04-16 17:04 - 2014-04-09 17:34 - 00000809 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 roblox.com
127.0.0.1 www.roblox.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14D49B84-E6BD-4CE1-B98B-4FB35347F9E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-31] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3E09A082-3DD6-4681-B104-E7324F09E03E} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {3E382ABE-25C2-459F-96D1-C59E182344B9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2954682461-3353532526-1526713206-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {46FE14F9-88E8-471C-BD52-4DD76797C525} - System32\Tasks\Driver Booster SkipUAC (Arthur) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {4ECAAD62-459B-4435-A945-3AC5AC791706} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-05-17] ()
Task: {523BAE2E-445E-470F-B012-25E032F374D3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {64C613FE-5AA5-406A-A2F0-A7C90F891AE8} - System32\Tasks\update-S-1-5-21-2954682461-3353532526-1526713206-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {78F1294C-1DCA-497A-AD5E-630FD422D14A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000UA => C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-04] (Facebook Inc.)
Task: {8EA3544E-9572-4313-B3A1-D97DBD93F244} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {94737657-89AF-4F43-9BED-05752A329451} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {99918669-3E47-468D-8AC7-DCEC3F5CC10C} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {A1622948-A795-4EDF-ADAD-EBC631018B78} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AACED546-1343-4F2B-A5A0-3A5C5282E6A1} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {AB37DB43-0782-4F1A-8489-BC12C83FB99D} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {AB587583-7BA9-44F6-A215-0960B8A69C98} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000Core => C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-04] (Facebook Inc.)
Task: {BDCAFF8D-0FA4-4CB5-8A03-471471B7CB7D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C6681F91-7FE4-42D7-BA18-E5A36651411C} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {D0A0AA8E-9160-40B9-A926-D35824AC2978} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D8BB4AFB-3E82-4CD5-A20C-E2947E79E7FE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2954682461-3353532526-1526713206-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E34B349C-738F-4A87-BF64-401C80B3A8EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-31] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2010-12-28] ()
Task: {FE7AE3B7-DF0A-445F-8ABD-5D44048C5584} - System32\Tasks\JavaUpdateArthur => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000Core.job => C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2954682461-3353532526-1526713206-1000UA.job => C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2954682461-3353532526-1526713206-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-01-15 20:55 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-29 17:14 - 2014-08-28 00:54 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.102\pdf.dll
2014-08-29 17:14 - 2014-08-28 00:54 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll
2014-08-29 17:14 - 2014-08-28 00:53 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.102\ffmpegsumo.dll
2014-04-11 14:58 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-11 14:58 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Arthur\Desktop\Calm-Down.MP3:TOC.WMV
AlternateDataStreams: C:\Users\Arthur\Desktop\Gucci Mane & Cheif Keef - Top of Trash  (RGF.iS).mp3:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk => C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\Arthur\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LightShot => C:\Users\Arthur\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Arthur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/31/2014 10:46:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/31/2014 10:46:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/31/2014 10:18:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/31/2014 10:18:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/31/2014 00:00:32 PM) (Source: MsiInstaller) (EventID: 11316) (User: Arthur-PC)
Description: Product: IObit Apps Toolbar v9.6 -- Error 1316.The specified account already exists.
 
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: PolicyAgent
 
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1005) (User: )
Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent4
 
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (08/31/2014 11:56:53 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (08/26/2014 01:10:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002
 
 
System errors:
=============
Error: (09/01/2014 09:44:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (09/01/2014 09:43:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {28778B62-8481-400D-8E8A-A4C81ED3F65C}
 
Error: (08/31/2014 11:55:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
 
Error: (08/31/2014 10:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (08/31/2014 10:46:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {28778B62-8481-400D-8E8A-A4C81ED3F65C}
 
Error: (08/31/2014 10:40:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Realtek Audio Service1
 
Error: (08/31/2014 10:19:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LiveUpdate1
 
Error: (08/31/2014 10:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (08/31/2014 10:18:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {28778B62-8481-400D-8E8A-A4C81ED3F65C}
 
Error: (08/31/2014 11:52:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: RzKLService1
 
 
Microsoft Office Sessions:
=========================
Error: (08/31/2014 10:46:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\VstPlugins\Sugar Bytes\Turnado\Turnado x64.exe
 
Error: (08/31/2014 10:46:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\VstPlugins\Sugar Bytes\Turnado\Turnado x64.exe
 
Error: (08/31/2014 10:18:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\VstPlugins\Sugar Bytes\Turnado\Turnado x64.exe
 
Error: (08/31/2014 10:18:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\VstPlugins\Sugar Bytes\Turnado\Turnado x64.exe
 
Error: (08/31/2014 00:00:32 PM) (Source: MsiInstaller) (EventID: 11316) (User: Arthur-PC)
Description: Product: IObit Apps Toolbar v9.6 -- Error 1316.The specified account already exists.
(NULL)(NULL)(NULL)(NULL)
 
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: PolicyAgent
 
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1005) (User: )
Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent4
 
Error: (08/31/2014 11:56:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (08/31/2014 11:56:53 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (08/26/2014 01:10:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002 
Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-01 11:21:11.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-01 11:21:10.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-01 11:21:09.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-01 11:21:08.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-01 11:20:13.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-01 11:20:12.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-01 11:20:11.675
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-01 11:20:10.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-01 11:18:32.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-01 11:18:31.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU E2140 @ 1.60GHz
Percentage of memory in use: 66%
Total physical RAM: 2037.77 MB
Available physical RAM: 678.65 MB
Total Pagefile: 4316.82 MB
Available Pagefile: 2688 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.11 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:289.28 GB) (Free:154.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.81 GB) (Free:1.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=289.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

 

My boot time seems normal now. Not fast not slow. 


Edited by kingkeef, 01 September 2014 - 09:33 AM.

  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the info. Glad to hear your boot time is a little better. Please follow the instructions below.

 

Step#1 - FRST Fix

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (1.63KB)
    Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).

 

2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#2 - Security Check

 

1. Download Security Check from here or here.

2. Save it to your Desktop.

3. Right-click on SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.

4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

 

 

Step#3 - Services Check

1. Please download Farbar Service Scanner to your desktop.
2. Right-click on the FSS.exe file and choose Run as administrator. Make sure that all the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.

6. Next in the Search box of the Farbar Service Scanner program please copy and paste WinDefend into the box and click the Export Service button.

7. Notepad will open with the information. Please copy and paste this information into your next post as well.

 

 

Step#4 - ESET Online Scan
 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the contents of the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
    Note: Copy/Paste the contents of the log.txt file before going on to the next step or the log file will be removed.
  • Also be sure to check Uninstall Application on Close before clicking finish.
  • Paste that log as a part of your next post.

  

 

Items for your next post
1. FRST Fix Log

2. Security Check Log

3. Services Check Log as well as the WinDefend export log

4. ESET Log


  • 0

#13
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#14
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Thread re-opened per user's request.


  • 0

#15
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi KingKeef -

 

Since it's been a while, I'll need fresh logs before we can continue. Also, can you let me know what issues you are having? Thank you.

 

Step#1 - Fresh Set of Logs Needed
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 32-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.


  • 0





