Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cleaning out junk files [Solved]


  • This topic is locked This topic is locked

#1
Geekimnot

Geekimnot

    Member

  • Member
  • PipPipPip
  • 228 posts

Hi,

 

My grandson has been given a laptop that was used to play games. I have uninstalled as many games as I can identify, installed and ran Malwarebytes, and defraged the hard drive, but the computer still runs slow.

 

Is there a program that identifies unused programs, I know that when you open Programs ands features in the Control panel it is supposed to show the "last used on date" but it also shows some that have been used requently but have no last used date.

 

I do not want to just start uninstalling programs if I am not sure what they do.

 

Any help appreciated

 

*************************************

 

I have run OTL, here is the log

 

OTL logfile created on: 28/09/2014 10:14:57 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Papa\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.75 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 34.22% Memory free
5.71 Gb Paging File | 3.50 Gb Available in Paging File | 61.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 155.57 Gb Free Space | 54.17% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.68% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/28 10:12:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Downloads\OTL.exe
PRC - [2014/09/04 13:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/31 21:49:52 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.5.0.19\n360.exe
PRC - [2014/05/14 00:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 13:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 13:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 13:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/08 18:42:13 | 000,070,760 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7\waol.exe
PRC - [2014/04/08 18:42:12 | 000,045,160 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7\shellmon.exe
PRC - [2014/04/03 17:45:37 | 002,442,856 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7\aolbrowser.exe
PRC - [2014/02/06 23:09:56 | 000,046,184 | R--- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2014/02/06 23:08:39 | 000,039,016 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2012/01/13 16:22:10 | 001,493,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/07/21 15:24:12 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/08 08:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1402743905\ee\aolsoftware.exe
PRC - [2009/07/09 18:48:20 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/06/24 07:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 07:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
PRC - [2008/01/21 03:24:43 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/12 10:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\iDumpPro\NMSAccessU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/17 19:33:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ecc6ea26e775933a1f05e79624ce82b5\System.Management.ni.dll
MOD - [2014/09/17 19:29:04 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\15a4af0f2265c3e9ae73f4365eaf309c\System.Deployment.ni.dll
MOD - [2014/09/17 19:28:37 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\00ae7fa4e4351893a11a36a6712965af\System.Runtime.Remoting.ni.dll
MOD - [2014/09/17 19:28:33 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\3c873c653904d485175bb6234625178b\System.Transactions.ni.dll
MOD - [2014/09/17 19:28:31 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78072ba01a21c260fa30c07f5f70210c\System.EnterpriseServices.ni.dll
MOD - [2014/09/17 19:28:31 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78072ba01a21c260fa30c07f5f70210c\System.EnterpriseServices.Wrapper.dll
MOD - [2014/09/17 19:28:08 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a701c4affbf06da91d3c666feed05c0e\System.Configuration.ni.dll
MOD - [2014/09/17 19:25:35 | 005,465,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\846057ebe7a3cb80edc3f73d35b4830a\System.Xml.ni.dll
MOD - [2014/09/17 19:24:56 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\33cd8a4969b01252189a6c1ca39ccb45\System.Windows.Forms.ni.dll
MOD - [2014/09/17 19:24:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e279c8265d76b7ca403c7ef9185ec04\System.Drawing.ni.dll
MOD - [2014/09/17 19:24:01 | 006,649,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\5e38f232029a7464cde8ad5bc8831c6c\System.Data.ni.dll
MOD - [2014/09/17 19:23:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfef2a88cff08e800e757d02f1c71e59\PresentationFramework.Aero.ni.dll
MOD - [2014/09/17 19:23:26 | 014,330,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\678f04a5ecfa94038467eb4cb566b927\PresentationFramework.ni.dll
MOD - [2014/09/17 19:22:43 | 012,218,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\dad68e7dc2a10cd5f83c1a73763d68fc\PresentationCore.ni.dll
MOD - [2014/09/17 19:22:15 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\a3c2b8ccbd1cb7460df419020a57fd39\WindowsBase.ni.dll
MOD - [2014/09/17 19:22:07 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0ab7bdcd7b8bdf70f983be2c324ea3b8\System.ni.dll
MOD - [2014/09/17 19:21:46 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll
MOD - [2014/08/20 14:18:29 | 000,036,352 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2014/07/01 20:01:56 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2014/05/14 00:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014/05/14 00:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014/05/14 00:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014/05/08 00:42:38 | 002,958,848 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/04/08 18:42:13 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7\zlib.dll
MOD - [2014/04/08 18:42:07 | 021,151,744 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7\libcef.dll
MOD - [2014/04/08 18:42:06 | 000,648,704 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7\libGLESv2.dll
MOD - [2014/04/08 18:42:06 | 000,122,880 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7\libEGL.dll
MOD - [2014/04/08 18:42:05 | 000,094,208 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7\components\Tier2Svc.dll
MOD - [2014/04/08 18:42:05 | 000,060,928 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7\components\DataSvcs.dll
MOD - [2014/03/28 11:49:12 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/11/03 22:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/02 12:40:42 | 000,162,816 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtdrui.dll
MOD - [2009/05/27 08:58:56 | 000,811,008 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtptpc.dll
MOD - [2009/04/11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/03/25 15:53:06 | 000,147,456 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtprpr.dll
MOD - [2008/10/01 00:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/10/01 00:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/10/01 00:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/10/01 00:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/10/01 00:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/10/01 00:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/10/01 00:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/10/01 00:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/06/24 07:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
MOD - [2008/06/24 07:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
MOD - [2008/05/26 08:05:20 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V305\app4r.monitor.core.dll
MOD - [2008/05/26 08:05:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V305\app4r.monitor.common.dll
MOD - [2008/05/26 08:04:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.dll
MOD - [2008/03/18 23:05:05 | 000,782,336 | ---- | M] () -- C:\Program Files\Dell V305\dldtdrs.dll
MOD - [2008/03/18 23:04:20 | 000,380,928 | ---- | M] () -- C:\Program Files\Dell V305\dldtscw.dll
MOD - [2008/02/19 23:25:56 | 000,081,920 | ---- | M] () -- C:\Program Files\Dell V305\dldtcaps.dll
MOD - [2008/02/19 23:18:58 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V305\dldtmonr.dll
MOD - [2008/01/22 03:05:12 | 000,077,906 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\DLDTcfg.dll
MOD - [2008/01/22 03:05:12 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell V305\DLDTcfg.dll
MOD - [2007/11/22 09:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/11/13 20:13:09 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V305\dldtcnv4.dll
MOD - [2007/05/29 07:39:08 | 000,589,824 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtdatr.dll
MOD - [2007/03/26 07:39:36 | 000,073,728 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtcats.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/09/24 19:05:59 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 13:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/07/31 21:49:52 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.5.0.19\N360.exe -- (N360)
SRV - [2014/05/12 13:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 13:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/02/06 23:09:56 | 000,046,184 | R--- | M] (AOL Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2013/10/23 14:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/07/21 15:24:12 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/07/09 18:48:20 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2009/07/09 18:48:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/12 10:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\iDumpPro\NMSAccessU.exe -- (NMSAccessU)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\afbkotbu.sys -- (ybsqrar)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/09/28 09:58:08 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/09/14 10:51:10 | 000,378,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/09/14 10:51:10 | 000,111,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/09/12 23:11:20 | 001,137,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/08/30 07:54:17 | 000,476,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140925.002\IDSvix86.sys -- (IDSVix86)
DRV - [2014/08/21 09:52:26 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140925.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/08/21 09:52:24 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140925.025\NAVENG.SYS -- (NAVENG)
DRV - [2014/08/20 14:34:07 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2014/05/12 13:26:04 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 13:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/04/27 19:05:23 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2014/03/04 05:18:12 | 000,936,152 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1505000.013\symefa.sys -- (SymEFA)
DRV - [2014/02/25 03:44:40 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1505000.013\ccsetx86.sys -- (ccSet_N360)
DRV - [2014/02/18 02:32:41 | 000,384,728 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1505000.013\symtdiv.sys -- (SYMTDIv)
DRV - [2014/02/13 02:59:49 | 000,664,280 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\1505000.013\srtsp.sys -- (SRTSP)
DRV - [2013/10/30 08:26:19 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1505000.013\symds.sys -- (SymDS)
DRV - [2013/10/30 07:48:50 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1505000.013\ironx86.sys -- (SymIRON)
DRV - [2013/10/30 07:32:37 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1505000.013\srtspx.sys -- (SRTSPX)
DRV - [2013/08/22 13:40:22 | 000,035,288 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/12/01 11:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/12/01 11:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2009/07/24 03:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/20 08:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/05 17:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 20:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/05/06 22:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/24 23:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 14:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/11/29 23:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B5F099C4-BFA8-4583-9FA5-E80C8E8040D5}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{E9D4E014-3CA2-4E2F-A41D-82B294BAE6A8}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014/04/27 19:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn\ [2014/09/28 09:56:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/08/20 14:18:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/06/13 16:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/26 00:32:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/29 07:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 01:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: No name found = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Yahoo Extension = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.117_0\
CHR - Extension: No name found = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\204\
CHR - Extension: Norton Identity Safe = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: Norton Identity Safe = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_1\
CHR - Extension: One Direction Website App = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\106\
CHR - Extension: No name found = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp\126\
CHR - Extension: No name found = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgkegeccnckoiliokondpaaalbhafoa\101\
CHR - Extension: No name found = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1402743905\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.7\AOL.EXE (AOL Inc.)
O4 - Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA Pro VPN 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BE6D825-06C9-4D4C-83F9-42AC5FF1FB1E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/26 12:41:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/09/25 07:41:38 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\Add-in Express
[2014/09/25 07:41:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/24 06:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2014/09/24 06:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2014/09/23 18:39:47 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/09/23 18:32:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/17 19:06:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/09/17 19:06:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/09/17 19:06:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/09/17 19:06:28 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/09/17 19:06:25 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/09/17 19:06:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/09/17 19:06:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/09/17 19:06:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/09/17 19:06:20 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/09/17 19:06:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/09/17 19:06:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/09/17 19:06:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/08/30 12:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Betting Assistant
[2014/08/30 07:34:35 | 002,054,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/28 10:10:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/28 09:58:08 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/09/28 09:58:05 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/09/28 09:56:16 | 000,145,546 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/09/28 09:56:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/28 09:55:56 | 000,145,546 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/09/28 09:55:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/28 09:55:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/28 09:55:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/28 09:55:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/28 09:54:34 | 2951,102,464 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/24 19:05:21 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/09/24 19:05:20 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/09/23 19:41:10 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/23 19:41:10 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/09/21 08:37:22 | 000,067,584 | ---- | M] () -- C:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/09/21 08:12:53 | 000,644,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/21 08:12:53 | 000,120,552 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/15 09:06:04 | 000,231,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/09/09 07:24:46 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/08/30 13:03:42 | 000,002,417 | ---- | M] () -- C:\Users\Papa\Desktop\Betting Assistant.lnk
[2014/08/30 12:18:55 | 000,329,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/30 12:35:28 | 000,002,447 | ---- | C] () -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betting Assistant.lnk
[2014/08/30 12:35:28 | 000,002,417 | ---- | C] () -- C:\Users\Papa\Desktop\Betting Assistant.lnk
[2014/08/20 16:29:54 | 000,000,306 | ---- | C] () -- C:\Users\Papa\AppData\Roaming\wklnhst.dat
[2014/08/20 13:35:00 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2014/08/11 10:22:49 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
[2014/08/11 10:22:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2014/08/11 10:22:21 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2014/08/11 10:22:21 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2014/06/23 15:40:18 | 000,000,680 | ---- | C] () -- C:\Users\Papa\AppData\Local\d3d9caps.dat
[2014/06/16 15:47:02 | 000,067,584 | ---- | C] () -- C:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/14 11:58:19 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2014/04/28 02:41:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/19 03:52:11 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/07 06:33:06 | 000,145,546 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/07 06:24:57 | 000,145,546 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/05 21:49:59 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A2947BEA
 
< End of report >
 

 

 


  • 0

Advertisements


#2
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello Geekimnot, welcome to Geeks To Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================

 

Lets start with the following steps, and we'll get on to your list of installed programmes. :)
 
STEP 1
BY4dvz9.png AdwCleaner

  • Delete your current copy of AdwCleaner (right-click + Delete).
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) and save the file to your Desktop.
  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

  • 0

#3
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hello Adam,

 

Thank you for your offer to help.

 

Please note that this laptop is not always swiched on, so please forgive me if there are any delays in responding.

 

My name is Ian and I have no problem using first names,

 

I am starting to run the programs now.

 

Regards

Ian


  • 0

#4
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hello Adam,

 

Here are the logs.

 

Cheers

Ian   :)

 

ADW

 

 

# AdwCleaner v3.310 - Report created 28/09/2014 at 17:43:55
# Updated 12/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Papa - OWNER-PC
# Running from : C:\AdwCleaner\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R2].txt - [2134 octets] - [28/09/2014 17:37:56]
AdwCleaner[S1].txt - [1903 octets] - [28/09/2014 17:43:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1963 octets] ##########
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Papa on 28/09/2014 at 17:54:36.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E9D4E014-3CA2-4E2F-A41D-82B294BAE6A8}
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2014 01
Ran by Papa (administrator) on OWNER-PC on 28-09-2014 18:23:26
Running from C:\Users\Papa\Desktop
Loaded Profile: Papa (Available profiles: Papa)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
( ) C:\Windows\System32\dldtcoms.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.5.0.19\n360.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\iDumpPro\NMSAccessU.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.5.0.19\n360.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1402743905\ee\aolsoftware.exe
() C:\Program Files\Dell V305\dldtmon.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Nero AG) C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files\Dell V305\dldtmsdmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\waol.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\shellmon.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\aolbrowser.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1402743905\ee\aolupdates.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-24] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1402743905\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [dldtmon.exe] => C:\Program Files\Dell V305\dldtmon.exe [668912 2008-06-24] ()
HKLM\...\Run: [dldtamon] => C:\Program Files\Dell V305\dldtamon.exe [16624 2008-06-24] ()
HKLM\...\Run: [NBAgent] => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2012-01-13] (Nero AG)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2014-08-20] (Google)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2066108842-3818072011-482783874-1003\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-01] (Hewlett-Packard)
HKU\S-1-5-21-2066108842-3818072011-482783874-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2066108842-3818072011-482783874-1003\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7\AOL.EXE [72296 2014-04-08] (AOL Inc.)
HKU\S-1-5-21-2066108842-3818072011-482783874-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [145408 2014-08-20] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
ShortcutTarget: Logitech Touch Mouse Server.lnk -> C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA Pro VPN 2.0.lnk
ShortcutTarget: HMA Pro VPN 2.0.lnk -> C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe (No File)
Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.5.0.19\buShell.dll (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {B5F099C4-BFA8-4583-9FA5-E80C8E8040D5} URL = http://www.ask.com/w...}&l=dis&o=ushpl
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Papa\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-20]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014-04-27]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-09-28]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
CHR Extension: (Google Drive) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (YouTube) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
CHR Extension: (Google Search) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
CHR Extension: (Yahoo Extension) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-08-12]
CHR Extension: (Trustwave SecureBrowsing) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif [2014-07-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-12]
CHR Extension: (One Direction Website App) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp [2014-09-03]
CHR Extension: (rikaikun) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2014-08-05]
CHR Extension: (IP Address and Domain Information) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgkegeccnckoiliokondpaaalbhafoa [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR Extension: (Gmail) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
S2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [98984 2009-07-09] ()
R2 dldt_device; C:\Windows\system32\dldtcoms.exe [594600 2009-07-09] ( )
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2014-08-20] (Google) [File not signed]
S2 gupdate1ca89eaaa4945cd; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-12-31] (Google Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
R2 NMSAccessU; C:\Program Files\iDumpPro\NMSAccessU.exe [71096 2007-10-12] ()
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2008-09-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx86.sys [1137368 2014-09-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1505000.013\ccSetx86.sys [127064 2014-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-14] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140926.003\IDSvix86.sys [476888 2014-08-30] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140927.001\NAVENG.SYS [95704 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140927.001\NAVEX15.SYS [1636696 2014-08-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1505000.013\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1505000.013\SRTSPX.SYS [32344 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1505000.013\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1505000.013\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-04-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1505000.013\Ironx86.SYS [206936 2013-10-30] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1505000.013\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-29] (Apple, Inc.) [File not signed]
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 ybsqrar; System32\drivers\afbkotbu.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 18:23 - 2014-09-28 18:24 - 00023993 _____ () C:\Users\Papa\Desktop\FRST.txt
2014-09-28 18:23 - 2014-09-28 18:23 - 00000000 ____D () C:\FRST
2014-09-28 18:22 - 2014-09-28 18:22 - 01100288 _____ (Farbar) C:\Users\Papa\Desktop\frst.exe
2014-09-28 18:07 - 2014-09-28 18:07 - 00001104 _____ () C:\Users\Papa\Desktop\JRT.txt
2014-09-28 17:54 - 2014-09-28 17:54 - 00000000 ____D () C:\Windows\ERUNT
2014-09-28 17:33 - 2014-09-28 17:33 - 01699276 _____ (Thisisu) C:\Users\Papa\Desktop\JRT.exe
2014-09-28 10:45 - 2014-09-28 10:45 - 00066620 _____ () C:\Users\Papa\Downloads\Extras.Txt
2014-09-28 10:43 - 2014-09-28 10:43 - 00086934 _____ () C:\Users\Papa\Downloads\OTL.Txt
2014-09-28 10:12 - 2014-09-28 10:12 - 00602112 _____ (OldTimer Tools) C:\Users\Papa\Downloads\OTL.exe
2014-09-26 12:41 - 2014-09-09 07:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 18:51 - 2014-09-25 18:51 - 00241129 _____ () C:\Users\Papa\Downloads\[Percival_Kate]_The_Life_and_Amours_of_the_Beautif(BookSee.org).txt
2014-09-25 18:46 - 2014-09-25 18:46 - 00502969 _____ () C:\Users\Papa\Downloads\[Ashe_Aran]_The_Handmaidens(BookSee.org).rar
2014-09-25 18:44 - 2014-09-25 18:45 - 00507214 _____ () C:\Users\Papa\Downloads\[Ashe_Aran]_The_Slave_of_Lidir(BookSee.org).rar
2014-09-25 07:41 - 2014-09-25 07:41 - 00000000 ____D () C:\Users\Papa\Documents\Add-in Express
2014-09-25 07:22 - 2012-10-25 21:43 - 00000000 ____D () C:\Users\Papa\Downloads\Aran Ashe - Choosing Lovers for Justine [Nexus] (rtf)
2014-09-25 07:20 - 2014-09-25 07:20 - 00336899 _____ () C:\Users\Papa\Downloads\[Ashe_Aran]_Choosing_Lovers_for_Justine(BookSee.org).rar
2014-09-23 18:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-23 18:32 - 2014-09-28 17:44 - 00000000 ____D () C:\AdwCleaner
2014-09-23 18:26 - 2014-09-23 18:26 - 01373475 _____ () C:\Users\Papa\Downloads\AdwCleaner.exe
2014-09-17 19:06 - 2014-08-15 15:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-17 19:06 - 2014-08-15 15:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-17 19:06 - 2014-08-15 15:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-17 19:06 - 2014-08-15 15:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-17 19:06 - 2014-08-15 15:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-17 19:06 - 2014-08-15 15:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-17 19:06 - 2014-08-15 15:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-17 19:06 - 2014-08-15 15:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-17 19:06 - 2014-08-15 15:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-17 19:06 - 2014-08-15 15:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-17 19:06 - 2014-08-15 15:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-17 19:06 - 2014-08-15 15:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-17 19:06 - 2014-08-15 15:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-30 12:35 - 2014-08-30 13:03 - 00002447 _____ () C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betting Assistant.lnk
2014-08-30 12:35 - 2014-08-30 13:03 - 00002417 _____ () C:\Users\Papa\Desktop\Betting Assistant.lnk
2014-08-30 12:10 - 2014-08-30 18:18 - 00000000 ____D () C:\Program Files\Betting Assistant
2014-08-30 12:08 - 2014-08-30 12:08 - 03076608 _____ () C:\Users\Papa\Downloads\Betting_Assistant.msi
2014-08-30 07:34 - 2014-08-23 02:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 07:34 - 2014-08-23 00:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 18:21 - 2014-08-11 10:22 - 00000000 ____D () C:\Program Files\Dell V305
2014-09-28 18:21 - 2014-06-11 17:46 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 18:17 - 2009-08-05 21:07 - 01877889 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 18:15 - 2009-08-05 21:49 - 00000248 _____ () C:\ProgramData\hpqp.ini
2014-09-28 18:13 - 2009-12-31 21:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-28 18:13 - 2009-09-07 06:33 - 00145546 _____ () C:\ProgramData\nvModes.001
2014-09-28 18:13 - 2009-09-07 06:24 - 00145546 _____ () C:\ProgramData\nvModes.dat
2014-09-28 18:12 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 18:12 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 18:12 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 18:11 - 2006-11-02 14:01 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-28 18:10 - 2014-07-13 15:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 17:56 - 2009-12-31 21:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-28 17:46 - 2008-01-21 03:47 - 00604140 _____ () C:\Windows\PFRO.log
2014-09-28 12:38 - 2014-06-14 17:39 - 00000000 ____D () C:\Users\Papa\.FBReader
2014-09-28 10:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-09-25 07:42 - 2014-07-07 12:46 - 00000000 ____D () C:\Users\Papa\AppData\Local\WinZip
2014-09-25 07:38 - 2014-07-14 22:10 - 00000000 ____D () C:\Users\Papa\Documents\Calibre Library
2014-09-24 19:19 - 2014-06-16 15:48 - 00000000 ____D () C:\Users\Papa\AppData\Roaming\vlc
2014-09-24 19:05 - 2014-06-14 12:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 19:05 - 2011-10-13 17:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 19:41 - 2011-07-26 00:18 - 00000806 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-23 19:41 - 2011-07-26 00:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-23 19:41 - 2009-12-31 08:28 - 00001035 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 19:56 - 2014-06-15 13:07 - 00000000 ___RD () C:\Users\Papa\Downloads\New Folder
2014-09-21 08:37 - 2014-06-16 15:47 - 00067584 _____ () C:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-21 08:12 - 2006-11-02 11:33 - 00758862 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 08:17 - 2014-06-11 20:09 - 00000000 ____D () C:\Users\Papa\AppData\Local\Google
2014-09-20 08:07 - 2006-11-02 13:52 - 00143360 _____ () C:\Windows\setupact.log
2014-09-17 19:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-17 19:03 - 2014-04-27 16:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-17 18:28 - 2006-11-02 11:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-17 17:29 - 2011-09-19 19:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-17 17:28 - 2011-09-19 19:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-15 09:06 - 2009-10-27 03:59 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-03 16:49 - 2014-06-11 16:31 - 00000000 ____D () C:\ProgramData\288e76fe2ecde1c4
2014-08-31 20:27 - 2014-06-11 20:10 - 00000000 ____D () C:\Users\Papa\AppData\Roaming\Apple Computer
2014-08-30 12:18 - 2006-11-02 13:47 - 00329752 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Files to move or delete:
====================
C:\Users\Owner\jagex_cl_runescape_LIVE.dat
C:\Users\Owner\jagex_runescape_preferences.dat
C:\Users\Owner\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\_isC4F3.exe
C:\Users\Owner\AppData\Local\Temp\_isD0B6.exe
C:\Users\Papa\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-28 18:19
 
==================== End Of Log ============================
 
Additions
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-09-2014 01
Ran by Papa at 2014-09-28 18:25:24
Running from C:\Users\Papa\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACID Pro 7.0 (HKLM\...\{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}) (Version: 7.0.713 - Sony)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.5 (HKLM\...\Amazon MP3 Downloader) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Betting Assistant (HKLM\...\{BC86ABDF-8148-44B3-8105-4AE9DDBFDCB6}) (Version: 1.0.64 - Gruss Software Ltd)
calibre (HKLM\...\{59E75C53-7980-45AD-ADAA-733198B4BF7F}) (Version: 2.0.0 - Kovid Goyal)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
Dell V305 (HKLM\...\Dell V305) (Version:  - Dell, Inc.)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EA Download Manager (HKLM\...\InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}) (Version: 4.0.0.396 - Electronic Arts)
EA Download Manager (Version: 4.0.0.396 - Electronic Arts) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
Geek Squad 24 Hour Computer Support (HKLM\...\{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}) (Version: 2.1.322 - LogMeIn, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HiDef Media Player 1.1.12 (HKLM\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)
High-Definition Video Playback (Version: 11.1.11100.4.196 - Nero AG) Hidden
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Battery Check (HKLM\...\HP Battery Check) (Version: 4.1.0.2 - Hewlett-Packard)
HP Battery Check (Version: 4.1.0.2 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
iCopyExpert 3.1.2 (HKLM\...\iCopyExpert_is1) (Version:  - iCopyExpert.com)
iDumpPro (HKLM\...\iDumpPro) (Version: 2.5.2 - ESCsoft)
iPod To Computer Transfer 5.6 (HKLM\...\iPod To Computer Transfer_is1) (Version:  - iPod2Computer, Inc)
iTunes (HKLM\...\{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}) (Version: 10.3.1.55 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Touch Mouse Server 1.0 (HKLM\...\Logitech Touch Mouse Server) (Version: 1.0 - Logitech Inc.)
LowPricesApp (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - LowPricesApp) <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaWidget 5.5 (HKLM\...\MediaWidget - Easy iPod Transfer_is1) (Version:  - Bootstrap Development, LLC.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 7.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 7.0.1 (x86 en-US)) (Version: 7.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
Nero 11 (HKLM\...\{810B7362-6B05-4714-AF6A-EF3A20CCD634}) (Version: 11.2.00600 - Nero AG)
Nero 11 Cliparts (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Effects Basic (Version: 11.0.11400.14.0 - Nero AG) Hidden
Nero 11 Image Samples (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 PiP Effects Basic (Version: 11.0.11400.14.0 - Nero AG) Hidden
Nero 11 Video Samples (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 11 (Version: 6.2.18400.2.100 - Nero AG) Hidden
Nero BackItUp 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 1.0.11100.8.0 - Nero AG)
Nero Burning ROM 11 (Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero ControlCenter 11 (Version: 11.0.12700.0.27 - Nero AG) Hidden
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero Core Components 11 (Version: 11.0.16300.1.23 - Nero AG) Hidden
Nero CoverDesigner 11 (Version: 6.0.11000.13.100 - Nero AG) Hidden
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero Express 11 (Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Express 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero Kwik Media (Version: 1.10.24800.146.100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (Version: 11.0.10200 - Nero AG) Hidden
Nero Recode 11 (Version: 5.2.10900.0.0 - Nero AG) Hidden
Nero Recode 11 Help (CHM) (Version: 11.0.10600 - Nero AG) Hidden
Nero RescueAgent 11 (Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
Nero SharedVideoCodecs (Version: 1.0.11500.1.5 - Nero AG) Hidden
Nero SoundTrax 11 (Version: 5.0.10700.6.100 - Nero AG) Hidden
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
Nero Update (Version: 11.0.11500.28.0 - Nero AG) Hidden
Nero Video 11 (Version: 8.2.15700.3.100 - Nero AG) Hidden
Nero Video 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero WaveEditor 11 (Version: 6.2.11300.0.100 - Nero AG) Hidden
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
nero.prerequisites.msi (Version: 11.0.20010 - Nero AG) Hidden
Norton 360 (HKLM\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.3.9 - Pando Networks Inc.)
PC Driver Kit v3.1 (HKLM\...\PC Driver Kit_is1) (Version: 3.1 - PC Health Labs)
Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickBooks Pro 2009 (HKLM\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4001.703 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
System Requirements Lab CYRI (HKLM\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TuxGuitar (HKLM\...\TuxGuitar 1.0) (Version: 1.0 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WeatherBug® (HKLM\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Welcome App (Start-up experience) (Version: 11.0.23500.0.0 - Nero AG) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1780ADA5-3A29-3585-A9FF-40C8186BE344}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{19EABA9F-F6A6-3819-823A-2686E2A9312D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{2A0C2A39-A9EF-3DBE-911A-6D0B4DF94D04}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38952F1E-F6A7-3306-9326-E7DB4C2E9568}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{3AF2C83F-13AF-3F62-AC52-A975EB2B88FC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{51B41EFD-4425-3B34-9ED9-4400FAB105BD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{57719D6B-9FE2-397B-8AC1-D3EE59883165}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{73200952-7BF0-35A6-BA4C-AED65FC453D5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{85454798-8737-3287-B75D-3B31DC32572C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9851A417-A10E-3AE3-B75D-1B1041881EE3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D8993B26-50F0-3ADC-9C55-010001146949}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
 
==================== Restore Points  =========================
 
23-08-2014 11:39:15 Installed HP Support Solutions Framework
24-08-2014 12:11:44 Installed calibre
25-08-2014 14:38:39 Removed ABBYY FineReader 6.0 Sprint
26-08-2014 07:00:00 Windows Update
30-08-2014 06:32:41 Windows Update
30-08-2014 11:09:42 Installed Betting Assistant
30-08-2014 11:29:49 Removed Betting Assistant
30-08-2014 11:34:38 Installed Betting Assistant
03-09-2014 15:43:46 Windows Update
14-09-2014 09:55:58 Windows Update
17-09-2014 16:30:19 Windows Update
23-09-2014 17:46:46 Windows Update
25-09-2014 06:39:05 Removed WinZip 17.5
26-09-2014 11:34:36 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0945C271-F095-4A39-B438-2F67ACD24F81} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {09E6FF0B-0570-481A-932B-13C9F514C45A} - System32\Tasks\StormFall TM => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
Task: {0C664392-3AC0-48D3-9AA2-1DC253B528CE} - System32\Tasks\StormFall W1 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2AE7A0EB-0ED1-4636-A0CE-8B404929E8B0} - System32\Tasks\20140813_134755_Restore => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {321CE915-A405-4711-A78C-072B490DE5D1} - System32\Tasks\{E0603528-F91D-413F-AABC-FE9CC22D5638} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3C65948D-B3FC-408A-A24C-7A9777AB8876} - System32\Tasks\StormFall TW1 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {46DACE82-B3F3-4134-99AE-3F754EA1DE21} - System32\Tasks\Papa Nero LIVEBackup Merge 6 0 => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {629904EC-946F-4E6E-B8A8-24C6529034A0} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {6C898390-5353-4F8E-8816-63A7B3E3BE6E} - System32\Tasks\Papa Nero LIVEBackup 6 0 => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {6FA31F59-BB10-4F7B-A3B9-4D9AA254D69B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-31] (Google Inc.)
Task: {7B03A13F-E1C8-4A57-9EB8-9BBA375DA92E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-31] (Google Inc.)
Task: {8928E6AE-038C-4BAA-BA10-A72D326E5557} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {8AD369F3-13A3-4267-AF3D-81E188188BCA} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {93653634-2079-4281-9893-97166FA4B3EB} - System32\Tasks\PC Cleaner Schedule => C:\Program Files\PC Cleaner\PCCLauncher.exe
Task: {9B1691A7-E15F-4BE8-BBBE-9269DA6545BC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {BA022E14-F743-44D5-B271-5EFEB0955C96} - System32\Tasks\StormFall TW2 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
Task: {BD3EE0EA-B9F3-484C-ACB0-A908FAFD49C7} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe <==== ATTENTION
Task: {BECF3572-3A2C-46D6-B5EF-AF26C081A242} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CEBFD912-0F9C-4600-A2C1-F8E40CA5A50A} - \IdleCrawler Runner No Task File <==== ATTENTION
Task: {CF0E5FDA-C820-4BA9-8FA0-CB7ADF1A8802} - System32\Tasks\StormFall W2 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
Task: {DAB5936F-3828-46AB-B336-FCBE78EE01AE} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EC3928C5-4437-47ED-A418-9863DD59C258} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {EF1992E7-945D-44CC-AEA3-30292754388F} - System32\Tasks\Papa NBAgent 6 0 => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [2012-01-13] (Nero AG)
Task: {F9928CBF-8E1E-4AE8-8E2D-AF23430F0AA4} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-11 10:22 - 2009-07-02 12:40 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldtdrpp.dll
2008-03-29 22:03 - 2007-10-12 10:34 - 00071096 _____ () C:\Program Files\iDumpPro\NMSAccessU.exe
2009-04-20 22:42 - 2008-10-06 17:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-20 22:42 - 2008-10-06 17:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2009-04-20 22:34 - 2008-09-15 15:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-11-03 22:51 - 2009-11-03 22:51 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-08-11 10:23 - 2008-06-24 07:26 - 00668912 _____ () C:\Program Files\Dell V305\dldtmon.exe
2014-08-11 10:23 - 2008-03-18 23:04 - 00380928 _____ () C:\Program Files\Dell V305\dldtscw.dll
2014-08-11 10:22 - 2008-01-22 03:05 - 00077906 _____ () C:\Program Files\Dell V305\dldtcfg.dll
2007-05-29 07:39 - 2007-05-29 07:39 - 00589824 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dldtdatr.dll
2007-03-26 07:39 - 2007-03-26 07:39 - 00073728 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dldtcats.dll
2014-08-11 10:23 - 2008-03-18 23:05 - 00782336 _____ () C:\Program Files\Dell V305\dldtDRS.dll
2014-08-11 10:23 - 2008-02-19 23:25 - 00081920 _____ () C:\Program Files\Dell V305\dldtcaps.dll
2014-08-11 10:23 - 2007-11-13 20:13 - 00069632 _____ () C:\Program Files\Dell V305\dldtcnv4.dll
2014-08-11 10:23 - 2008-02-19 23:18 - 00151552 _____ () C:\Program Files\Dell V305\dldtmonr.dll
2008-10-01 00:52 - 2008-10-01 00:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-10-01 00:56 - 2008-10-01 00:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-08-20 18:14 - 2009-04-11 07:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-10-01 00:52 - 2008-10-01 00:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-08-11 10:23 - 2008-06-24 07:27 - 00025840 _____ () C:\Program Files\Dell V305\dldtMsdMon.exe
2014-08-11 10:23 - 2008-05-26 08:05 - 00028672 _____ () C:\Program Files\Dell V305\App4R.Monitor.Common.dll
2014-08-11 10:23 - 2008-05-26 08:05 - 00036864 _____ () C:\Program Files\Dell V305\App4R.Monitor.Core.dll
2014-08-11 10:23 - 2008-05-26 08:04 - 00061440 _____ () C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.dll
2014-08-11 10:23 - 2007-11-22 09:55 - 00011776 _____ () C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll
2009-04-20 21:31 - 2008-04-11 17:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2014-04-08 18:42 - 2014-04-08 18:42 - 00048640 _____ () C:\Program Files\AOL Desktop 9.7\zlib.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 21151744 _____ () C:\Program Files\AOL Desktop 9.7\libcef.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00648704 _____ () C:\Program Files\AOL Desktop 9.7\libglesv2.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00122880 _____ () C:\Program Files\AOL Desktop 9.7\libegl.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00094208 _____ () C:\Program Files\AOL Desktop 9.7\Components\Tier2Svc.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00060928 _____ () C:\Program Files\AOL Desktop 9.7\Components\DataSvcs.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:A2947BEA
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2066108842-3818072011-482783874-500 - Administrator - Disabled)
Guest (S-1-5-21-2066108842-3818072011-482783874-501 - Limited - Enabled)
Papa (S-1-5-21-2066108842-3818072011-482783874-1003 - Administrator - Enabled) => C:\Users\Papa
 
==================== Faulty Device Manager Devices =============
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #2
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #3
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #4
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #5
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/28/2014 06:13:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/28/2014 06:09:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 28.9.2014.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 12bc
Start Time: 01cfdb3ecd6e24ea
Termination Time: 15
 
 
System errors:
=============
Error: (09/28/2014 06:14:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ybsqrar
 
Error: (09/28/2014 06:14:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: dldtCATSCustConnectService%%1053
 
Error: (09/28/2014 06:14:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000dldtCATSCustConnectService
 
Error: (09/28/2014 06:14:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (08/04/2014 09:55:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/04/2014 09:55:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/04/2014 09:51:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 118632 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-28 18:22:19.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 18:22:18.011
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 18:22:17.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 18:20:47.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 18:20:46.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 18:20:45.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 18:20:44.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 18:20:43.187
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 18:20:42.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 18:20:41.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion Dual-Core RM-75
Percentage of memory in use: 47%
Total physical RAM: 2813.69 MB
Available physical RAM: 1473.47 MB
Total Pagefile: 5849.79 MB
Available Pagefile: 4263.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:287.17 GB) (Free:155.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: D610896A)
Partition 1: (Active) - (Size=287.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/09/2014 at 18:07:18.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

  • 0

#5
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Ian, 

 

Thanks for the logs. I'll check back in later with instructions for you. 

 

Adam. 


  • 0

#6
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Ian, 
 
Apologies for the delay. Lets deal with the adware/malware on your machine, and we'll move onto your optional programmes later. 
 
STEP 1
6JO0hXH.png Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Pando Media Booster
    • PC Driver Kit v3.1
    • LowPricesApp
    • MediaWidget 5.5
    • HiDef Media Player 1.1.12
    • iDumpPro
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme will run. If prompted again click Yes.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-2066108842-3818072011-482783874-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    SearchScopes: HKLM - {B5F099C4-BFA8-4583-9FA5-E80C8E8040D5} URL = http://www.ask.com/w...}&l=dis&o=ushpl
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
    CHR Extension: (Yahoo Extension) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-08-12]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S0 ybsqrar; System32\drivers\afbkotbu.sys [X]
    Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA Pro VPN 2.0.lnk
    ShortcutTarget: HMA Pro VPN 2.0.lnk -> C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe (No File)
    2014-09-21 08:37 - 2014-06-16 15:47 - 00067584 _____ () C:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    Folder: C:\ProgramData\288e76fe2ecde1c4
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
    CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    Task: {BD3EE0EA-B9F3-484C-ACB0-A908FAFD49C7} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe <==== ATTENTION
    Task: {CEBFD912-0F9C-4600-A2C1-F8E40CA5A50A} - \IdleCrawler Runner No Task File <==== ATTENTION
    Task: {DAB5936F-3828-46AB-B336-FCBE78EE01AE} - \TidyNetwork Update No Task File <==== ATTENTION
    %LOCALAPPDATA%\IdleCrawler
    () C:\Program Files\iDumpPro\NMSAccessU.exe
    R2 NMSAccessU; C:\Program Files\iDumpPro\NMSAccessU.exe [71096 2007-10-12] ()
    2008-03-29 22:03 - 2007-10-12 10:34 - 00071096 _____ () C:\Program Files\iDumpPro\NMSAccessU.exe
    C:\Program Files\iDumpPro
    FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    C:\Program Files\Pando Networks
    Task: {09E6FF0B-0570-481A-932B-13C9F514C45A} - System32\Tasks\StormFall TM => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
    Task: {0C664392-3AC0-48D3-9AA2-1DC253B528CE} - System32\Tasks\StormFall W1 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
    Task: {3C65948D-B3FC-408A-A24C-7A9777AB8876} - System32\Tasks\StormFall TW1 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
    Task: {BA022E14-F743-44D5-B271-5EFEB0955C96} - System32\Tasks\StormFall TW2 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
    Task: {CF0E5FDA-C820-4BA9-8FA0-CB7ADF1A8802} - System32\Tasks\StormFall W2 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
    Task: {93653634-2079-4281-9893-97166FA4B3EB} - System32\Tasks\PC Cleaner Schedule => C:\Program Files\PC Cleaner\PCCLauncher.exe
    C:\Program Files\PC Cleaner
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    AlternateDataStreams: C:\ProgramData\Temp:A2947BEA
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
nWhGEI3.png VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.
  • Please do the same for the files below:
    • C:\ProgramData\nvModes.001
    • C:\ProgramData\nvModes.dat
    • C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
       

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK in Revo?
  • Fixlog.txt
  • VirusTotal Results

  • 0

#7
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hello Adam,

 

Mixed reply this time.

 

Not clean at all.

 

Cheers

Ian   :confused:

 

Unistaller items uninstalled as requested.

 

FRST stopped during its fix.

 

Here is the log. I ran it again but it stopped again.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-09-2014 01
Ran by Papa at 2014-09-29 13:16:50 Run:2
Running from C:\Users\Papa\Desktop
Loaded Profile: Papa (Available profiles: Papa)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2066108842-3818072011-482783874-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {B5F099C4-BFA8-4583-9FA5-E80C8E8040D5} URL = http://www.ask.com/w...}&l=dis&o=ushpl
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
CHR Extension: (Yahoo Extension) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-08-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S0 ybsqrar; System32\drivers\afbkotbu.sys [X]
Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA Pro VPN 2.0.lnk
ShortcutTarget: HMA Pro VPN 2.0.lnk -> C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe (No File)
2014-09-21 08:37 - 2014-06-16 15:47 - 00067584 _____ () C:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Folder: C:\ProgramData\288e76fe2ecde1c4
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
Task: {BD3EE0EA-B9F3-484C-ACB0-A908FAFD49C7} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe <==== ATTENTION
Task: {CEBFD912-0F9C-4600-A2C1-F8E40CA5A50A} - \IdleCrawler Runner No Task File <==== ATTENTION
Task: {DAB5936F-3828-46AB-B336-FCBE78EE01AE} - \TidyNetwork Update No Task File <==== ATTENTION
%LOCALAPPDATA%\IdleCrawler
() C:\Program Files\iDumpPro\NMSAccessU.exe
R2 NMSAccessU; C:\Program Files\iDumpPro\NMSAccessU.exe [71096 2007-10-12] ()
2008-03-29 22:03 - 2007-10-12 10:34 - 00071096 _____ () C:\Program Files\iDumpPro\NMSAccessU.exe
C:\Program Files\iDumpPro
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
C:\Program Files\Pando Networks
Task: {09E6FF0B-0570-481A-932B-13C9F514C45A} - System32\Tasks\StormFall TM => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
Task: {0C664392-3AC0-48D3-9AA2-1DC253B528CE} - System32\Tasks\StormFall W1 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
Task: {3C65948D-B3FC-408A-A24C-7A9777AB8876} - System32\Tasks\StormFall TW1 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
Task: {BA022E14-F743-44D5-B271-5EFEB0955C96} - System32\Tasks\StormFall TW2 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
Task: {CF0E5FDA-C820-4BA9-8FA0-CB7ADF1A8802} - System32\Tasks\StormFall W2 => Chrome.exe --app=http://plarium.com/p...lisherID=1_0_73 --app-window-size=1366,768
Task: {93653634-2079-4281-9893-97166FA4B3EB} - System32\Tasks\PC Cleaner Schedule => C:\Program Files\PC Cleaner\PCCLauncher.exe
C:\Program Files\PC Cleaner
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:A2947BEA
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\S-1-5-21-2066108842-3818072011-482783874-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktopCleanupWizard => Value not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B5F099C4-BFA8-4583-9FA5-E80C8E8040D5}" => Key not found.
"HKCR\CLSID\{B5F099C4-BFA8-4583-9FA5-E80C8E8040D5}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value not found.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}" => Key not found.
"HKCR\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}" => Key not found.
"HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1" => Key not found.
C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
ybsqrar => Service not found.
C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA Pro VPN 2.0.lnk not found.
C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe not found.
"C:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => File/Directory not found.
 
========================= Folder: C:\ProgramData\288e76fe2ecde1c4 ========================
 
2014-09-03 16:48 - 2014-09-03 16:48 - 0000156 _____ () C:\ProgramData\288e76fe2ecde1c4\0f29801820a37114be8c004315fe6e3f.ini
2014-06-12 01:15 - 2014-06-12 01:15 - 0000540 _____ () C:\ProgramData\288e76fe2ecde1c4\15a1758beb4d95dabe8c004315fe6e3f.ini
2014-06-27 23:46 - 2014-06-27 23:46 - 0000541 _____ () C:\ProgramData\288e76fe2ecde1c4\15a1758beb4d95dae5ad8b8b7fada0c2.ini
2014-06-12 01:36 - 2014-06-12 01:36 - 0000537 _____ () C:\ProgramData\288e76fe2ecde1c4\1878c1afe37a6843be8c004315fe6e3f.ini
2014-07-06 01:17 - 2014-07-06 01:17 - 0000510 _____ () C:\ProgramData\288e76fe2ecde1c4\198cdfe22d13c1abe5ad8b8b7fada0c2.ini
2014-06-12 15:17 - 2014-06-12 15:17 - 0000522 _____ () C:\ProgramData\288e76fe2ecde1c4\242c2fd4536773fabe8c004315fe6e3f.ini
2014-06-12 15:17 - 2014-06-12 15:17 - 0000534 _____ () C:\ProgramData\288e76fe2ecde1c4\3ed03cfb56800283be8c004315fe6e3f.ini
2014-06-12 01:15 - 2014-06-12 01:15 - 0000513 _____ () C:\ProgramData\288e76fe2ecde1c4\5563f418483f3111be8c004315fe6e3f.ini
2014-06-27 23:46 - 2014-06-27 23:46 - 0000520 _____ () C:\ProgramData\288e76fe2ecde1c4\5563f418483f3111e5ad8b8b7fada0c2.ini
2014-08-05 13:05 - 2014-08-05 13:05 - 0000504 _____ () C:\ProgramData\288e76fe2ecde1c4\659310361e8c6f3ce5ad8b8b7fada0c2.ini
2014-09-03 16:49 - 2014-09-03 16:49 - 0000508 _____ () C:\ProgramData\288e76fe2ecde1c4\8667b30c8487a893be8c004315fe6e3f.ini
2014-07-02 20:24 - 2014-07-02 20:24 - 0000402 _____ () C:\ProgramData\288e76fe2ecde1c4\87b1cffeb795e9ffe5ad8b8b7fada0c2.ini
2014-06-12 01:35 - 2014-06-12 01:35 - 0000510 _____ () C:\ProgramData\288e76fe2ecde1c4\88ca0666a8bc42bcbe8c004315fe6e3f.ini
2014-08-05 13:03 - 2014-08-05 13:03 - 0000158 _____ () C:\ProgramData\288e76fe2ecde1c4\949eb5250aa63df0e5ad8b8b7fada0c2.ini
2014-09-03 16:48 - 2014-09-03 16:48 - 0000358 _____ () C:\ProgramData\288e76fe2ecde1c4\a220577b68ed26b8be8c004315fe6e3f.ini
2014-08-05 13:04 - 2014-08-05 13:04 - 0000356 _____ () C:\ProgramData\288e76fe2ecde1c4\b895ebcf88104095e5ad8b8b7fada0c2.ini
2014-07-06 01:15 - 2014-07-06 01:15 - 0000337 _____ () C:\ProgramData\288e76fe2ecde1c4\bd95dd966694472de5ad8b8b7fada0c2.ini
2014-06-11 16:31 - 2014-06-11 16:31 - 0000362 _____ () C:\ProgramData\288e76fe2ecde1c4\c6fe71eb0df19321be8c004315fe6e3f.ini
2014-07-06 01:16 - 2014-07-06 01:16 - 0000400 _____ () C:\ProgramData\288e76fe2ecde1c4\c90970dadaa8483be5ad8b8b7fada0c2.ini
2014-07-02 20:22 - 2014-07-02 20:22 - 0000505 _____ () C:\ProgramData\288e76fe2ecde1c4\d236748b2ecd3b60e5ad8b8b7fada0c2.ini
2014-07-02 20:24 - 2014-07-02 20:24 - 0000353 _____ () C:\ProgramData\288e76fe2ecde1c4\d5fe86451e44dffce5ad8b8b7fada0c2.ini
 
====== End of Folder: ======
 
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}" => Key not found.
"HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD3EE0EA-B9F3-484C-ACB0-A908FAFD49C7}" => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\IdleCrawler Update" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEBFD912-0F9C-4600-A2C1-F8E40CA5A50A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IdleCrawler Runner" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAB5936F-3828-46AB-B336-FCBE78EE01AE}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key not found.
%LOCALAPPDATA%\IdleCrawler => Error: No automatic fix found for this entry.
C:\Program Files\iDumpPro\NMSAccessU.exe => No running process found
NMSAccessU => Service not found.
"C:\Program Files\iDumpPro\NMSAccessU.exe" => File/Directory not found.
"C:\Program Files\iDumpPro" => File/Directory not found.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key not found.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
"C:\Program Files\Pando Networks" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09E6FF0B-0570-481A-932B-13C9F514C45A}" => Key not found.
C:\Windows\System32\Tasks\StormFall TM not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TM" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C664392-3AC0-48D3-9AA2-1DC253B528CE}" => Key not found.
C:\Windows\System32\Tasks\StormFall W1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W1" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C65948D-B3FC-408A-A24C-7A9777AB8876}" => Key not found.
C:\Windows\System32\Tasks\StormFall TW1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW1" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA022E14-F743-44D5-B271-5EFEB0955C96}" => Key not found.
C:\Windows\System32\Tasks\StormFall TW2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW2" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF0E5FDA-C820-4BA9-8FA0-CB7ADF1A8802}" => Key not found.
C:\Windows\System32\Tasks\StormFall W2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W2" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93653634-2079-4281-9893-97166FA4B3EB}" => Key not found.
C:\Windows\System32\Tasks\PC Cleaner Schedule not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Cleaner Schedule" => Key not found.
"C:\Program Files\PC Cleaner" => File/Directory not found.
"C:\ProgramData\Temp" => ":373E1720" ADS not found.
"C:\ProgramData\Temp" => ":A2947BEA" ADS not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
*********************************************************************
 
VIRUSTOTAL
 
When looking for 
 
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
 
 I got a warning saying "Do not remove or delete these files, your system may stop working" and that the programs should only be removed using the uninstall procedure. This message shows over a number of lines numbered aa ab ac ad ae af ag etc, the command GoogleDesktop.exe is on line ak it shows as ak ### GoogleDesktop.exe-Unistall
 
Cannot find the following
 
  • C:\ProgramData\nvModes.001
  • C:\ProgramData\nvModes.dat
 
URL for 
 
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

 

https://www.virustot...sis/1411993823/


  • 0

#8
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Ian, 
 

I got a warning saying "Do not remove or delete these files, your system may stop working"

Where did you see this warning? 
Did it pop-up? 
 
Do you use Google Desktop? Would you like to keep the programme installed?

Google discontinued the programme some years ago, and labeled it as obsolete. You can read about the programme here.
 

 

Regarding the two files you couldn't find. Please do the following:
 
nSymGHK.png Folder Options & VirusTotal

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders:
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
  • Go to VirusTotal. Click Choose File
  • Locate the files by navigating through the file path (C:\ -> ProgramData -> nvModes.001). 
  • Scan both files, and post the two URLs. 

     
  • If the above does not work, please do the following:
  • Open Windows Explorer and locate the two files:
    • C:\ProgramData\nvModes.001
    • C:\ProgramData\nvModes.dat
  • Right-click and click Copy. Navigate to your Desktop. Right-click your Desktop and click Paste
  • Go to VirusTotal. Click Choose File. Scan the two files you just copied to your Desktop

  • 0

#9
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hello Adam,

 

Requested scans,

 

https://www.virustot...sis/1412013334/

 

https://www.virustot...sis/1412013432/

 

I do not use Google Desktop.

 

Can I send you an image it shows the warning? It did not popup it was in the C:\Program Files\Google\Google Desktop Search file.

 

Regards,
Ian


  • 0

#10
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Ian, 

 

Yes. Please take a screenshot, and upload the image to Imgur.com.


  • 0

Advertisements


#11
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hi Adam,

 

Image

 

http://imgur.com/X2HZJ7X

 

Regards

Ian


  • 0

#12
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Ian, 
 
OK, that's fine. Those files, whilst appear dubious, are in fact legitimate. Certainly not one of Google's brightest ideas. 
Lets confirm your computer appears free of malware, and we'll get onto clearing out unneeded programmes, etc. 
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\ProgramData\288e76fe2ecde1c4
    EmptyTemp:
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
CXrghb6.png Update/Remove Java

  • Download the latest version of j8JVMVP.jpg Java from here (watch out for "Optional Offers" during the update process).
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Java 7 Update 55
    • Java™ 6 Update 7
  • Follow the prompts, and reboot if necessary. 
     

STEP 3
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 4
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 5
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
     

======================================================
 
STEP 6
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did Java update/remove successfully? 
  • MBAM Scan log
  • ESET Online Scan log
  • FRST.txt
  • Addition.txt

  • 0

#13
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hello Adam

 

Mixed fortunes again this time

 

Norton 360 kept deleteing FRTS, I had to manually overide to get it activated, when it did run it stopped before completion.

 

Java did not update correctly, so I manually deleted all Java programs and downloded as requested.

 

Here are the logs

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-09-2014
Ran by Papa at 2014-09-30 08:34:10 Run:6
Running from C:\Users\Papa\Desktop
Loaded Profile: Papa (Available profiles: Papa)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
C:\ProgramData\288e76fe2ecde1c4
EmptyTemp:
end
*****************
 
"C:\ProgramData\288e76fe2ecde1c4" => File/Directory not found.
 
Malware
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30/09/2014
Scan Time: 10:48:53
Logfile: Malwarelog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.30.03
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Papa
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347495
Time Elapsed: 30 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Superfish.A, C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [61243ab5c6b537ffd824f436699a51af], 
PUP.Optional.Superfish.A, C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [afd63bb40b70bf7734c8fd2df21142be], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET log
 
 
 
 
 
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\precache.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\SaUpdate.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\UpdateTask.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\Updater\Updater.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProCrash.dll.vir a variant of Win32/SProtector.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProCrashSvc.dll.vir a variant of Win32/SProtector.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\bin\WiseEnhance.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\bin\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\RoyalCoupon\MTGk7H.exe.vir a variant of Win32/AdWare.MultiPlug.AG application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bb16wpfz.default\Extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\dtuser.exe.vir a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Program Files\ManyCam\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Program Files\ManyCam\mystartDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files\ManyCam\mystarttb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\ProgramData\EmailNotifier\dtuser\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.res a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\All Users\EmailNotifier\dtuser\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\All Users\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.res a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Papa\Documents\New Folder\winzip175-mediafire_c1.exe a variant of Win32/InstallCore.PO potentially unwanted application
C:\Users\Papa\Downloads\java_installer.exe a variant of Win32/SoftPulse.H potentially unwanted application
C:\Users\Papa\Downloads\winzip18-lan_en.exe a variant of Win32/InstallCore.PO potentially unwanted application
C:\Windows\Installer\12c478.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
 
 
FRST log not complete??
 
 
 
LastRegBack: 2014-09-30 09:16
 
==================== End Of Log ============================
 
 
 
Additions  log
 
23-08-2014 11:39:15 Installed HP Support Solutions Framework
24-08-2014 12:11:44 Installed calibre
25-08-2014 14:38:39 Removed ABBYY FineReader 6.0 Sprint
26-08-2014 07:00:00 Windows Update
30-08-2014 06:32:41 Windows Update
30-08-2014 11:09:42 Installed Betting Assistant
30-08-2014 11:29:49 Removed Betting Assistant
30-08-2014 11:34:38 Installed Betting Assistant
03-09-2014 15:43:46 Windows Update
14-09-2014 09:55:58 Windows Update
17-09-2014 16:30:19 Windows Update
23-09-2014 17:46:46 Windows Update
25-09-2014 06:39:05 Removed WinZip 17.5
26-09-2014 11:34:36 Windows Update
29-09-2014 11:34:00 Revo Uninstaller's restore point - Pando Media Booster
29-09-2014 11:51:02 Revo Uninstaller's restore point - PC Driver Kit v3.1
29-09-2014 11:55:22 Revo Uninstaller's restore point - LowPricesApp
29-09-2014 11:56:45 Revo Uninstaller's restore point - MediaWidget 5.5
29-09-2014 11:59:37 Revo Uninstaller's restore point - HiDef Media Player 1.1.12
29-09-2014 12:05:44 Revo Uninstaller's restore point - iDumpPro
30-09-2014 06:54:25 Windows Update
30-09-2014 07:06:38 Installed Java 7 Update 67
30-09-2014 07:12:26 Removed Java 7 Update 67
30-09-2014 07:24:18 Installed Java 7 Update 67
30-09-2014 07:39:49 Removed Java 7 Update 67
30-09-2014 07:42:07 Removed Java 7 Update 67
30-09-2014 07:43:10 Removed Java™ 6 Update 7
30-09-2014 07:45:55 Installed Java 7 Update 67
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0945C271-F095-4A39-B438-2F67ACD24F81} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2AE7A0EB-0ED1-4636-A0CE-8B404929E8B0} - System32\Tasks\20140813_134755_Restore => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {321CE915-A405-4711-A78C-072B490DE5D1} - System32\Tasks\{E0603528-F91D-413F-AABC-FE9CC22D5638} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {46DACE82-B3F3-4134-99AE-3F754EA1DE21} - System32\Tasks\Papa Nero LIVEBackup Merge 6 0 => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {629904EC-946F-4E6E-B8A8-24C6529034A0} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {6C898390-5353-4F8E-8816-63A7B3E3BE6E} - System32\Tasks\Papa Nero LIVEBackup 6 0 => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {6FA31F59-BB10-4F7B-A3B9-4D9AA254D69B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-31] (Google Inc.)
Task: {7B03A13F-E1C8-4A57-9EB8-9BBA375DA92E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-31] (Google Inc.)
Task: {8928E6AE-038C-4BAA-BA10-A72D326E5557} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {8AD369F3-13A3-4267-AF3D-81E188188BCA} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {9B1691A7-E15F-4BE8-BBBE-9269DA6545BC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {BECF3572-3A2C-46D6-B5EF-AF26C081A242} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EC3928C5-4437-47ED-A418-9863DD59C258} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {EF1992E7-945D-44CC-AEA3-30292754388F} - System32\Tasks\Papa NBAgent 6 0 => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [2012-01-13] (Nero AG)
Task: {F9928CBF-8E1E-4AE8-8E2D-AF23430F0AA4} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-11 10:22 - 2009-07-02 12:40 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldtdrpp.dll
2014-08-11 10:22 - 2008-01-22 03:05 - 00077906 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dldtCFG.dll
2009-04-20 22:42 - 2008-10-06 17:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-20 22:42 - 2008-10-06 17:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2009-04-20 22:34 - 2008-09-15 15:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-11-03 22:51 - 2009-11-03 22:51 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-08-11 10:23 - 2008-06-24 07:26 - 00668912 _____ () C:\Program Files\Dell V305\dldtmon.exe
2014-08-11 10:23 - 2008-03-18 23:04 - 00380928 _____ () C:\Program Files\Dell V305\dldtscw.dll
2014-08-11 10:22 - 2008-01-22 03:05 - 00077906 _____ () C:\Program Files\Dell V305\dldtcfg.dll
2007-05-29 07:39 - 2007-05-29 07:39 - 00589824 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dldtdatr.dll
2007-03-26 07:39 - 2007-03-26 07:39 - 00073728 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dldtcats.dll
2014-08-11 10:23 - 2008-03-18 23:05 - 00782336 _____ () C:\Program Files\Dell V305\dldtDRS.dll
2014-08-11 10:23 - 2008-02-19 23:25 - 00081920 _____ () C:\Program Files\Dell V305\dldtcaps.dll
2014-08-11 10:23 - 2007-11-13 20:13 - 00069632 _____ () C:\Program Files\Dell V305\dldtcnv4.dll
2014-08-11 10:23 - 2008-02-19 23:18 - 00151552 _____ () C:\Program Files\Dell V305\dldtmonr.dll
2014-08-20 14:17 - 2014-08-20 14:18 - 00036352 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2008-10-01 00:52 - 2008-10-01 00:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-10-01 00:56 - 2008-10-01 00:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-08-20 18:14 - 2009-04-11 07:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-10-01 00:52 - 2008-10-01 00:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-08-11 10:23 - 2008-06-24 07:27 - 00025840 _____ () C:\Program Files\Dell V305\dldtMsdMon.exe
2014-08-11 10:23 - 2008-05-26 08:05 - 00028672 _____ () C:\Program Files\Dell V305\App4R.Monitor.Common.dll
2014-08-11 10:23 - 2008-05-26 08:05 - 00036864 _____ () C:\Program Files\Dell V305\App4R.Monitor.Core.dll
2014-08-11 10:23 - 2008-05-26 08:04 - 00061440 _____ () C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.dll
2014-08-11 10:23 - 2007-11-22 09:55 - 00011776 _____ () C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll
2009-04-20 21:31 - 2008-04-11 17:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2014-04-08 18:42 - 2014-04-08 18:42 - 00048640 _____ () C:\Program Files\AOL Desktop 9.7\zlib.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 21151744 _____ () C:\Program Files\AOL Desktop 9.7\libcef.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00648704 _____ () C:\Program Files\AOL Desktop 9.7\libglesv2.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00122880 _____ () C:\Program Files\AOL Desktop 9.7\libegl.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00094208 _____ () C:\Program Files\AOL Desktop 9.7\Components\Tier2Svc.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00060928 _____ () C:\Program Files\AOL Desktop 9.7\Components\DataSvcs.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2066108842-3818072011-482783874-500 - Administrator - Disabled)
Guest (S-1-5-21-2066108842-3818072011-482783874-501 - Limited - Enabled)
Papa (S-1-5-21-2066108842-3818072011-482783874-1003 - Administrator - Enabled) => C:\Users\Papa
 
==================== Faulty Device Manager Devices =============
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #2
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #3
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #4
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #5
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/30/2014 08:59:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 08:34:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 29.9.2014.0, time stamp 0x5429c7b4, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x0004a152,
process id 0x11e8, application start time 0xfrst.exe0.
 
Error: (09/30/2014 08:19:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 08:15:00 AM) (Source: MsiInstaller) (EventID: 10005) (User: Owner-PC)
Description: Product: Java 7 Update 67 -- Error 25025.  A previous Java uninstallation was never completed.  You need to restart your computer before installing Java.
 
Error: (09/30/2014 08:00:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 29.9.2014.0, time stamp 0x5429c7b4, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x00068b9f,
process id 0xc4c, application start time 0xfrst.exe0.
 
Error: (09/30/2014 07:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 28.9.2014.1, time stamp 0x542830ba, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x00068b9f,
process id 0x6fc, application start time 0xfrst.exe0.
 
Error: (09/30/2014 07:50:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 28.9.2014.1, time stamp 0x542830ba, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x0004a152,
process id 0x10e4, application start time 0xfrst.exe0.
 
Error: (09/30/2014 07:43:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/29/2014 08:18:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/29/2014 01:19:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 28.9.2014.1, time stamp 0x542830ba, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x00068b9f,
process id 0xb28, application start time 0xfrst.exe0.
 
 
System errors:
=============
Error: (09/30/2014 09:00:52 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5BE6D825-06C9-4D4C-83F9-42AC5FF1FB1E}.
The backup browser is stopping.
 
Error: (09/30/2014 08:59:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: dldtCATSCustConnectService%%1053
 
Error: (09/30/2014 08:59:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000dldtCATSCustConnectService
 
Error: (09/30/2014 08:59:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (09/30/2014 08:58:05 AM) (Source: netbt) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "001F16E24193" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (09/30/2014 08:58:05 AM) (Source: netbt) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "001F16E24193" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (09/30/2014 08:34:29 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5BE6D825-06C9-4D4C-83F9-42AC5FF1FB1E}.
The backup browser is stopping.
 
Error: (09/30/2014 08:19:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: dldtCATSCustConnectService%%1053
 
Error: (09/30/2014 08:19:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000dldtCATSCustConnectService
 
Error: (09/30/2014 08:19:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (08/04/2014 09:55:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/04/2014 09:55:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/04/2014 09:51:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 118632 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-30 18:27:00.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 18:26:59.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 18:26:58.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 18:26:57.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 18:26:32.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 18:26:31.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 18:26:30.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 18:26:29.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 17:52:34.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 17:52:33.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion Dual-Core RM-75
Percentage of memory in use: 67%
Total physical RAM: 2813.69 MB
Available physical RAM: 908.66 MB
Total Pagefile: 5849.81 MB
Available Pagefile: 3921.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:287.17 GB) (Free:150.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: D610896A)
Partition 1: (Active) - (Size=287.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 

  • 0

#14
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Ian, 

 

Most of the detections by MBAM and ESET are either files we've already removed, or remnants of adware (which are of little concern). We'll deal with the files we have to remove once you've done the following. 

  • As the FRST logs are incomplete, please delete your copy of FRST.exe (right-click + Delete).
  • Re-download FRST and save the file to your Desktop
  • Right-click FRST.exe and click Run as administator
  • Place a checkmark next to Addition.txt and click Scan
  • Post FRST.txt and Addition.txt in your next reply.

  • 0

#15
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hello Adam

 

Revised logs

 

Cheesr

Ian

 

FRST log

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-09-2014
Ran by Papa (administrator) on OWNER-PC on 01-10-2014 07:17:47
Running from C:\Users\Papa\Desktop
Loaded Profile: Papa (Available profiles: Papa)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
( ) C:\Windows\System32\dldtcoms.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.5.0.19\n360.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.5.0.19\n360.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1402743905\ee\aolsoftware.exe
() C:\Program Files\Dell V305\dldtmon.exe
(Nero AG) C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files\Dell V305\dldtmsdmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\waol.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\shellmon.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\aolbrowser.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1402743905\ee\aolupdates.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-24] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1402743905\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [dldtmon.exe] => C:\Program Files\Dell V305\dldtmon.exe [668912 2008-06-24] ()
HKLM\...\Run: [dldtamon] => C:\Program Files\Dell V305\dldtamon.exe [16624 2008-06-24] ()
HKLM\...\Run: [NBAgent] => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2012-01-13] (Nero AG)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2014-08-20] (Google)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2066108842-3818072011-482783874-1003\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-01] (Hewlett-Packard)
HKU\S-1-5-21-2066108842-3818072011-482783874-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2066108842-3818072011-482783874-1003\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7\AOL.EXE [72296 2014-04-08] (AOL Inc.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [145408 2014-08-20] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
ShortcutTarget: Logitech Touch Mouse Server.lnk -> C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\system32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.5.0.19\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Papa\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-20]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014-04-27]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-10-01]
 
Chrome: 
=======
CHR CustomProfile: C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-29]
CHR Extension: (Norton Identity Safe) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-12]
CHR Extension: (One Direction Website App) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp [2014-09-03]
CHR Extension: (Google Wallet) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-30]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
S2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [98984 2009-07-09] ()
R2 dldt_device; C:\Windows\system32\dldtcoms.exe [594600 2009-07-09] ( )
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2014-08-20] (Google) [File not signed]
S2 gupdate1ca89eaaa4945cd; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-12-31] (Google Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2008-09-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx86.sys [1137368 2014-09-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1505000.013\ccSetx86.sys [127064 2014-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-14] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140929.001\IDSvix86.sys [476888 2014-08-30] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140929.018\NAVENG.SYS [95704 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140929.018\NAVEX15.SYS [1636696 2014-08-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1505000.013\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1505000.013\SRTSPX.SYS [32344 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1505000.013\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1505000.013\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-04-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1505000.013\Ironx86.SYS [206936 2013-10-30] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1505000.013\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-29] (Apple, Inc.) [File not signed]
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-01 07:17 - 2014-10-01 07:18 - 00021119 _____ () C:\Users\Papa\Desktop\FRST.txt
2014-10-01 07:16 - 2014-10-01 07:16 - 01100288 _____ (Farbar) C:\Users\Papa\Desktop\FRST.exe
2014-09-30 12:46 - 2014-09-30 12:46 - 02347384 _____ (ESET) C:\Users\Papa\Desktop\esetsmartinstaller_enu.exe
2014-09-30 08:48 - 2014-09-30 08:48 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-30 08:48 - 2014-09-30 08:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-30 08:47 - 2014-09-30 08:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-30 08:47 - 2014-09-30 08:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-30 08:47 - 2014-09-30 08:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-30 08:08 - 2014-09-30 08:10 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-30 08:02 - 2014-09-30 08:02 - 00918440 _____ (Oracle Corporation) C:\Users\Papa\Desktop\chromeinstall-7u67.exe
2014-09-29 19:03 - 2014-09-29 18:49 - 00145546 _____ () C:\Users\Papa\Desktop\nvModes.dat
2014-09-29 19:03 - 2014-09-29 18:49 - 00145546 _____ () C:\Users\Papa\Desktop\nvModes.001
2014-09-29 13:10 - 2014-09-30 07:48 - 00000055 _____ () C:\Users\Papa\Desktop\fixlist.txt
2014-09-29 12:30 - 2014-09-29 12:30 - 00001017 _____ () C:\Users\Papa\Desktop\Revo Uninstaller.lnk
2014-09-29 12:30 - 2014-09-29 12:30 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-29 12:29 - 2014-09-29 12:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Papa\Desktop\revosetup.exe
2014-09-28 18:25 - 2014-09-30 18:29 - 00024126 _____ () C:\Users\Papa\Desktop\Addition.txt
2014-09-28 18:23 - 2014-10-01 07:18 - 00000000 ____D () C:\FRST
2014-09-28 18:07 - 2014-09-28 18:07 - 00001104 _____ () C:\Users\Papa\Desktop\JRT.txt
2014-09-28 17:54 - 2014-09-28 17:54 - 00000000 ____D () C:\Windows\ERUNT
2014-09-28 17:33 - 2014-09-28 17:33 - 01699276 _____ (Thisisu) C:\Users\Papa\Desktop\JRT.exe
2014-09-28 10:45 - 2014-09-28 10:45 - 00066620 _____ () C:\Users\Papa\Downloads\Extras.Txt
2014-09-28 10:43 - 2014-09-28 10:43 - 00086934 _____ () C:\Users\Papa\Downloads\OTL.Txt
2014-09-28 10:12 - 2014-09-28 10:12 - 00602112 _____ (OldTimer Tools) C:\Users\Papa\Downloads\OTL.exe
2014-09-26 12:41 - 2014-09-09 07:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 18:51 - 2014-09-25 18:51 - 00241129 _____ () C:\Users\Papa\Downloads\[Percival_Kate]_The_Life_and_Amours_of_the_Beautif(BookSee.org).txt
2014-09-25 18:46 - 2014-09-25 18:46 - 00502969 _____ () C:\Users\Papa\Downloads\[Ashe_Aran]_The_Handmaidens(BookSee.org).rar
2014-09-25 18:44 - 2014-09-25 18:45 - 00507214 _____ () C:\Users\Papa\Downloads\[Ashe_Aran]_The_Slave_of_Lidir(BookSee.org).rar
2014-09-25 07:41 - 2014-09-25 07:41 - 00000000 ____D () C:\Users\Papa\Documents\Add-in Express
2014-09-25 07:22 - 2012-10-25 21:43 - 00000000 ____D () C:\Users\Papa\Downloads\Aran Ashe - Choosing Lovers for Justine [Nexus] (rtf)
2014-09-25 07:20 - 2014-09-25 07:20 - 00336899 _____ () C:\Users\Papa\Downloads\[Ashe_Aran]_Choosing_Lovers_for_Justine(BookSee.org).rar
2014-09-23 18:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-23 18:32 - 2014-09-29 13:11 - 00000000 ____D () C:\AdwCleaner
2014-09-23 18:26 - 2014-09-23 18:26 - 01373475 _____ () C:\Users\Papa\Downloads\AdwCleaner.exe
2014-09-17 19:06 - 2014-08-15 15:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-17 19:06 - 2014-08-15 15:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-17 19:06 - 2014-08-15 15:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-17 19:06 - 2014-08-15 15:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-17 19:06 - 2014-08-15 15:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-17 19:06 - 2014-08-15 15:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-17 19:06 - 2014-08-15 15:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-17 19:06 - 2014-08-15 15:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-17 19:06 - 2014-08-15 15:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-17 19:06 - 2014-08-15 15:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-17 19:06 - 2014-08-15 15:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-17 19:06 - 2014-08-15 15:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-17 19:06 - 2014-08-15 15:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-17 19:06 - 2014-08-15 15:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-01 07:13 - 2009-08-05 21:07 - 01972984 _____ () C:\Windows\WindowsUpdate.log
2014-10-01 07:10 - 2014-07-13 15:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-01 07:07 - 2009-09-07 06:33 - 00145546 _____ () C:\ProgramData\nvModes.001
2014-10-01 07:07 - 2009-08-05 21:49 - 00000248 _____ () C:\ProgramData\hpqp.ini
2014-10-01 07:06 - 2014-06-11 17:46 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 07:06 - 2009-12-31 21:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-01 07:06 - 2009-09-07 06:24 - 00145546 _____ () C:\ProgramData\nvModes.dat
2014-10-01 07:03 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 07:03 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 07:03 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-30 18:46 - 2006-11-02 14:01 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-30 18:34 - 2009-12-31 21:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-30 08:58 - 2008-01-21 03:47 - 00714708 _____ () C:\Windows\PFRO.log
2014-09-30 08:48 - 2014-04-26 23:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-30 08:34 - 2014-06-12 15:25 - 00000000 ____D () C:\Users\Papa\AppData\Local\CrashDumps
2014-09-30 08:10 - 2009-04-20 22:38 - 00000000 ____D () C:\Program Files\Java
2014-09-30 08:00 - 2014-08-11 10:22 - 00000000 ____D () C:\Program Files\Dell V305
2014-09-30 08:00 - 2014-06-11 17:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-30 07:50 - 2014-06-23 15:40 - 00000680 _____ () C:\Users\Papa\AppData\Local\d3d9caps.dat
2014-09-30 07:45 - 2014-06-14 17:39 - 00000000 ____D () C:\Users\Papa\.FBReader
2014-09-29 20:17 - 2014-04-28 02:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-29 13:58 - 2009-12-31 08:28 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-29 13:12 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-28 10:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-09-25 07:42 - 2014-07-07 12:46 - 00000000 ____D () C:\Users\Papa\AppData\Local\WinZip
2014-09-25 07:38 - 2014-07-14 22:10 - 00000000 ____D () C:\Users\Papa\Documents\Calibre Library
2014-09-24 19:19 - 2014-06-16 15:48 - 00000000 ____D () C:\Users\Papa\AppData\Roaming\vlc
2014-09-24 19:05 - 2014-06-14 12:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 19:05 - 2011-10-13 17:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 19:41 - 2011-07-26 00:18 - 00000806 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-23 19:41 - 2011-07-26 00:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-21 19:56 - 2014-06-15 13:07 - 00000000 ___RD () C:\Users\Papa\Downloads\New Folder
2014-09-21 08:12 - 2006-11-02 11:33 - 00758862 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 08:17 - 2014-06-11 20:09 - 00000000 ____D () C:\Users\Papa\AppData\Local\Google
2014-09-20 08:07 - 2006-11-02 13:52 - 00143360 _____ () C:\Windows\setupact.log
2014-09-17 19:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-17 19:03 - 2014-04-27 16:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-17 18:28 - 2006-11-02 11:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-17 17:29 - 2011-09-19 19:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-17 17:28 - 2011-09-19 19:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-15 09:06 - 2009-10-27 03:59 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\Users\Owner\jagex_cl_runescape_LIVE.dat
C:\Users\Owner\jagex_runescape_preferences.dat
C:\Users\Owner\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\_isC4F3.exe
C:\Users\Owner\AppData\Local\Temp\_isD0B6.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-01 07:13
 
==================== End Of Log ============================
 
Additions log
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-09-2014
Ran by Papa at 2014-10-01 07:19:54
Running from C:\Users\Papa\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACID Pro 7.0 (HKLM\...\{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}) (Version: 7.0.713 - Sony)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.5 (HKLM\...\Amazon MP3 Downloader) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Betting Assistant (HKLM\...\{BC86ABDF-8148-44B3-8105-4AE9DDBFDCB6}) (Version: 1.0.64 - Gruss Software Ltd)
calibre (HKLM\...\{59E75C53-7980-45AD-ADAA-733198B4BF7F}) (Version: 2.0.0 - Kovid Goyal)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
Dell V305 (HKLM\...\Dell V305) (Version:  - Dell, Inc.)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EA Download Manager (HKLM\...\InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}) (Version: 4.0.0.396 - Electronic Arts)
EA Download Manager (Version: 4.0.0.396 - Electronic Arts) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
Geek Squad 24 Hour Computer Support (HKLM\...\{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}) (Version: 2.1.322 - LogMeIn, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
High-Definition Video Playback (Version: 11.1.11100.4.196 - Nero AG) Hidden
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Battery Check (HKLM\...\HP Battery Check) (Version: 4.1.0.2 - Hewlett-Packard)
HP Battery Check (Version: 4.1.0.2 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
iCopyExpert 3.1.2 (HKLM\...\iCopyExpert_is1) (Version:  - iCopyExpert.com)
iPod To Computer Transfer 5.6 (HKLM\...\iPod To Computer Transfer_is1) (Version:  - iPod2Computer, Inc)
iTunes (HKLM\...\{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}) (Version: 10.3.1.55 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Touch Mouse Server 1.0 (HKLM\...\Logitech Touch Mouse Server) (Version: 1.0 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 7.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 7.0.1 (x86 en-US)) (Version: 7.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
Nero 11 (HKLM\...\{810B7362-6B05-4714-AF6A-EF3A20CCD634}) (Version: 11.2.00600 - Nero AG)
Nero 11 Cliparts (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Effects Basic (Version: 11.0.11400.14.0 - Nero AG) Hidden
Nero 11 Image Samples (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 PiP Effects Basic (Version: 11.0.11400.14.0 - Nero AG) Hidden
Nero 11 Video Samples (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 11 (Version: 6.2.18400.2.100 - Nero AG) Hidden
Nero BackItUp 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 1.0.11100.8.0 - Nero AG)
Nero Burning ROM 11 (Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero ControlCenter 11 (Version: 11.0.12700.0.27 - Nero AG) Hidden
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero Core Components 11 (Version: 11.0.16300.1.23 - Nero AG) Hidden
Nero CoverDesigner 11 (Version: 6.0.11000.13.100 - Nero AG) Hidden
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero Express 11 (Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Express 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero Kwik Media (Version: 1.10.24800.146.100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (Version: 11.0.10200 - Nero AG) Hidden
Nero Recode 11 (Version: 5.2.10900.0.0 - Nero AG) Hidden
Nero Recode 11 Help (CHM) (Version: 11.0.10600 - Nero AG) Hidden
Nero RescueAgent 11 (Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
Nero SharedVideoCodecs (Version: 1.0.11500.1.5 - Nero AG) Hidden
Nero SoundTrax 11 (Version: 5.0.10700.6.100 - Nero AG) Hidden
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
Nero Update (Version: 11.0.11500.28.0 - Nero AG) Hidden
Nero Video 11 (Version: 8.2.15700.3.100 - Nero AG) Hidden
Nero Video 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero WaveEditor 11 (Version: 6.2.11300.0.100 - Nero AG) Hidden
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
nero.prerequisites.msi (Version: 11.0.20010 - Nero AG) Hidden
Norton 360 (HKLM\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickBooks Pro 2009 (HKLM\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4001.703 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
System Requirements Lab CYRI (HKLM\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TuxGuitar (HKLM\...\TuxGuitar 1.0) (Version: 1.0 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WeatherBug® (HKLM\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Welcome App (Start-up experience) (Version: 11.0.23500.0.0 - Nero AG) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1780ADA5-3A29-3585-A9FF-40C8186BE344}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{19EABA9F-F6A6-3819-823A-2686E2A9312D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{2A0C2A39-A9EF-3DBE-911A-6D0B4DF94D04}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{38952F1E-F6A7-3306-9326-E7DB4C2E9568}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{3AF2C83F-13AF-3F62-AC52-A975EB2B88FC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{51B41EFD-4425-3B34-9ED9-4400FAB105BD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{57719D6B-9FE2-397B-8AC1-D3EE59883165}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{73200952-7BF0-35A6-BA4C-AED65FC453D5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{85454798-8737-3287-B75D-3B31DC32572C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9851A417-A10E-3AE3-B75D-1B1041881EE3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D8993B26-50F0-3ADC-9C55-010001146949}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2066108842-3818072011-482783874-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
 
==================== Restore Points  =========================
 
23-08-2014 11:39:15 Installed HP Support Solutions Framework
24-08-2014 12:11:44 Installed calibre
25-08-2014 14:38:39 Removed ABBYY FineReader 6.0 Sprint
26-08-2014 07:00:00 Windows Update
30-08-2014 06:32:41 Windows Update
30-08-2014 11:09:42 Installed Betting Assistant
30-08-2014 11:29:49 Removed Betting Assistant
30-08-2014 11:34:38 Installed Betting Assistant
03-09-2014 15:43:46 Windows Update
14-09-2014 09:55:58 Windows Update
17-09-2014 16:30:19 Windows Update
23-09-2014 17:46:46 Windows Update
25-09-2014 06:39:05 Removed WinZip 17.5
26-09-2014 11:34:36 Windows Update
29-09-2014 11:34:00 Revo Uninstaller's restore point - Pando Media Booster
29-09-2014 11:51:02 Revo Uninstaller's restore point - PC Driver Kit v3.1
29-09-2014 11:55:22 Revo Uninstaller's restore point - LowPricesApp
29-09-2014 11:56:45 Revo Uninstaller's restore point - MediaWidget 5.5
29-09-2014 11:59:37 Revo Uninstaller's restore point - HiDef Media Player 1.1.12
29-09-2014 12:05:44 Revo Uninstaller's restore point - iDumpPro
30-09-2014 06:54:25 Windows Update
30-09-2014 07:06:38 Installed Java 7 Update 67
30-09-2014 07:12:26 Removed Java 7 Update 67
30-09-2014 07:24:18 Installed Java 7 Update 67
30-09-2014 07:39:49 Removed Java 7 Update 67
30-09-2014 07:42:07 Removed Java 7 Update 67
30-09-2014 07:43:10 Removed Java™ 6 Update 7
30-09-2014 07:45:55 Installed Java 7 Update 67
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0945C271-F095-4A39-B438-2F67ACD24F81} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2AE7A0EB-0ED1-4636-A0CE-8B404929E8B0} - System32\Tasks\20140813_134755_Restore => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {321CE915-A405-4711-A78C-072B490DE5D1} - System32\Tasks\{E0603528-F91D-413F-AABC-FE9CC22D5638} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {46DACE82-B3F3-4134-99AE-3F754EA1DE21} - System32\Tasks\Papa Nero LIVEBackup Merge 6 0 => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {629904EC-946F-4E6E-B8A8-24C6529034A0} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {6C898390-5353-4F8E-8816-63A7B3E3BE6E} - System32\Tasks\Papa Nero LIVEBackup 6 0 => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {6FA31F59-BB10-4F7B-A3B9-4D9AA254D69B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-31] (Google Inc.)
Task: {7B03A13F-E1C8-4A57-9EB8-9BBA375DA92E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-31] (Google Inc.)
Task: {8928E6AE-038C-4BAA-BA10-A72D326E5557} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {8AD369F3-13A3-4267-AF3D-81E188188BCA} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {9B1691A7-E15F-4BE8-BBBE-9269DA6545BC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {BECF3572-3A2C-46D6-B5EF-AF26C081A242} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EC3928C5-4437-47ED-A418-9863DD59C258} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {EF1992E7-945D-44CC-AEA3-30292754388F} - System32\Tasks\Papa NBAgent 6 0 => C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [2012-01-13] (Nero AG)
Task: {F9928CBF-8E1E-4AE8-8E2D-AF23430F0AA4} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-11 10:22 - 2009-07-02 12:40 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldtdrpp.dll
2014-08-11 10:22 - 2008-01-22 03:05 - 00077906 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dldtCFG.dll
2009-04-20 22:42 - 2008-10-06 17:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-20 22:42 - 2008-10-06 17:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2009-04-20 22:34 - 2008-09-15 15:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-11-03 22:51 - 2009-11-03 22:51 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-08-11 10:23 - 2008-06-24 07:26 - 00668912 _____ () C:\Program Files\Dell V305\dldtmon.exe
2014-08-11 10:23 - 2008-03-18 23:04 - 00380928 _____ () C:\Program Files\Dell V305\dldtscw.dll
2014-08-11 10:22 - 2008-01-22 03:05 - 00077906 _____ () C:\Program Files\Dell V305\dldtcfg.dll
2007-05-29 07:39 - 2007-05-29 07:39 - 00589824 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dldtdatr.dll
2007-03-26 07:39 - 2007-03-26 07:39 - 00073728 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dldtcats.dll
2014-08-11 10:23 - 2008-03-18 23:05 - 00782336 _____ () C:\Program Files\Dell V305\dldtDRS.dll
2014-08-11 10:23 - 2008-02-19 23:25 - 00081920 _____ () C:\Program Files\Dell V305\dldtcaps.dll
2014-08-11 10:23 - 2007-11-13 20:13 - 00069632 _____ () C:\Program Files\Dell V305\dldtcnv4.dll
2014-08-11 10:23 - 2008-02-19 23:18 - 00151552 _____ () C:\Program Files\Dell V305\dldtmonr.dll
2014-08-20 14:17 - 2014-08-20 14:18 - 00036352 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2008-10-01 00:52 - 2008-10-01 00:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-10-01 00:56 - 2008-10-01 00:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-08-20 18:14 - 2009-04-11 07:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-10-01 00:51 - 2008-10-01 00:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-10-01 00:52 - 2008-10-01 00:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-08-11 10:23 - 2008-06-24 07:27 - 00025840 _____ () C:\Program Files\Dell V305\dldtMsdMon.exe
2014-08-11 10:23 - 2008-05-26 08:05 - 00028672 _____ () C:\Program Files\Dell V305\App4R.Monitor.Common.dll
2014-08-11 10:23 - 2008-05-26 08:05 - 00036864 _____ () C:\Program Files\Dell V305\App4R.Monitor.Core.dll
2014-08-11 10:23 - 2008-05-26 08:04 - 00061440 _____ () C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.dll
2014-08-11 10:23 - 2007-11-22 09:55 - 00011776 _____ () C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00048640 _____ () C:\Program Files\AOL Desktop 9.7\zlib.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 21151744 _____ () C:\Program Files\AOL Desktop 9.7\libcef.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00648704 _____ () C:\Program Files\AOL Desktop 9.7\libglesv2.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00122880 _____ () C:\Program Files\AOL Desktop 9.7\libegl.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00094208 _____ () C:\Program Files\AOL Desktop 9.7\Components\Tier2Svc.dll
2014-04-08 18:42 - 2014-04-08 18:42 - 00060928 _____ () C:\Program Files\AOL Desktop 9.7\Components\DataSvcs.dll
2009-04-20 21:31 - 2008-04-11 17:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2009-05-27 08:58 - 2009-05-27 08:58 - 00811008 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dldtptpc.dll
2009-07-02 12:40 - 2009-07-02 12:40 - 00162816 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dldtdrui.dll
2009-03-25 15:53 - 2009-03-25 15:53 - 00147456 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dldtPRPR.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2066108842-3818072011-482783874-500 - Administrator - Disabled)
Guest (S-1-5-21-2066108842-3818072011-482783874-501 - Limited - Enabled)
Papa (S-1-5-21-2066108842-3818072011-482783874-1003 - Administrator - Enabled) => C:\Users\Papa
 
==================== Faulty Device Manager Devices =============
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #2
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #3
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #4
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell V305 #5
Description: Dell V305
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/01/2014 07:04:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 08:59:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 08:34:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 29.9.2014.0, time stamp 0x5429c7b4, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x0004a152,
process id 0x11e8, application start time 0xfrst.exe0.
 
Error: (09/30/2014 08:19:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 08:15:00 AM) (Source: MsiInstaller) (EventID: 10005) (User: Owner-PC)
Description: Product: Java 7 Update 67 -- Error 25025.  A previous Java uninstallation was never completed.  You need to restart your computer before installing Java.
 
Error: (09/30/2014 08:00:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 29.9.2014.0, time stamp 0x5429c7b4, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x00068b9f,
process id 0xc4c, application start time 0xfrst.exe0.
 
Error: (09/30/2014 07:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 28.9.2014.1, time stamp 0x542830ba, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x00068b9f,
process id 0x6fc, application start time 0xfrst.exe0.
 
Error: (09/30/2014 07:50:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 28.9.2014.1, time stamp 0x542830ba, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x0004a152,
process id 0x10e4, application start time 0xfrst.exe0.
 
Error: (09/30/2014 07:43:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/29/2014 08:18:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/01/2014 07:04:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: dldtCATSCustConnectService%%1053
 
Error: (10/01/2014 07:04:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000dldtCATSCustConnectService
 
Error: (10/01/2014 07:04:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (10/01/2014 07:02:50 AM) (Source: netbt) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "001F16E24193" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (10/01/2014 07:02:50 AM) (Source: netbt) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "001F16E24193" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (09/30/2014 09:00:52 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5BE6D825-06C9-4D4C-83F9-42AC5FF1FB1E}.
The backup browser is stopping.
 
Error: (09/30/2014 08:59:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: dldtCATSCustConnectService%%1053
 
Error: (09/30/2014 08:59:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000dldtCATSCustConnectService
 
Error: (09/30/2014 08:59:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (09/30/2014 08:58:05 AM) (Source: netbt) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "001F16E24193" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
 
Microsoft Office Sessions:
=========================
Error: (08/04/2014 09:55:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/04/2014 09:55:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/04/2014 09:51:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 118632 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-01 07:18:43.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 07:18:42.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 07:18:41.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 07:18:40.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 07:18:27.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 07:18:26.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 07:18:25.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 07:18:24.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 07:18:10.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 07:18:09.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion Dual-Core RM-75
Percentage of memory in use: 55%
Total physical RAM: 2813.69 MB
Available physical RAM: 1243.55 MB
Total Pagefile: 5847.81 MB
Available Pagefile: 4051.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:287.17 GB) (Free:150.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: D610896A)
Partition 1: (Active) - (Size=287.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP