Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Strange PC Performance [Solved]


  • This topic is locked This topic is locked

#1
ital_mike92

ital_mike92

    Member

  • Member
  • PipPip
  • 10 posts

Hey folks,

 

Thanks for taking the time to look at my problem. I'm a big fan of the website, I use the basic malware removal process on here to take care of 95% of the problems on family/friends' computers.

 

Now, for the problem. I'll try to give an accurate description of what happened/what I saw/what I did/what I see now.

 

I brought a demo phone home from work a few weeks ago (an HTC One M8). The phone comes with a service called HTC Get Started. Essentially, I created an HTC Account through my gmail, and I got to choose the settings I wanted on my phone from my laptop, and then the service will transfer the settings I chose on my laptop to my phone through the HTC account (I had to be logged in on both devices). I didn't recall having any other activity on my laptop that day.

 

A day later, I booted up my laptop and noticed it was performing quite slowly. Chrome and various other programs would take a while to open/not open at all. Also, I noticed my security software's icon (Microsoft Security Essentials) was no longer in the bottom right area of my taskbar. When I opened the program manually, it said that my real-time protection was disabled. I turned it back on, and proceeded to go through the basic malware cleaning steps on the geeks to go website (OTL's Temp File Cleaner, ERUNT, Malwarebytes, and Microsoft Security Essentials). Malwarebytes didn't pick up anything, and neither did MSE. The speed was still slow, so I decided to go through a Windows System Restore to a point in time before I noticed the issues. I restored it, and the speed picked up a bit. I ran through all of the cleaning steps again, and picked up nothing. However, I am still noticing strange behaviour:

 

1. My MSE occasionally shows that real time protection is disabled, but I can manually enable it after

2. I frequently see two of the same Windows Update icons side by side in the right side of my taskbar

3. Every time I want to shut down my PC now, it gets stuck on a process which is shows as "explorer.exe Playing logoff sound". When I force a shutdown on that process, everything on my screen disappears except for the wallpaper, and the computer never shuts down. Ctr+Alt+Del doesn't do anything. I need to manually hold the power button to shut the laptop down

 

I don't really see how that HTC service could have compromised my security, but I noticed the strange behavior after I used it, so that's how I'm describing the problem. I just ran OTL, and my log is as below:

 

OTL logfile created on: 10/4/2014 9:14:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop\Security & System
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.80 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 47.06% Memory free
7.60 Gb Paging File | 4.87 Gb Available in Paging File | 64.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.10 Gb Total Space | 304.60 Gb Free Space | 68.90% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.65 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive E: | 23.36 Gb Total Space | 3.41 Gb Free Space | 14.60% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 83.88 Mb Free Space | 84.71% Space Free | Partition Type: FAT32
 
Computer Name: BLITZKRIEGS-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/04 09:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\Security & System\OTL.exe
PRC - [2014/09/22 22:07:06 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/12 13:19:38 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/04/15 13:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2010/11/20 06:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/15 11:30:08 | 000,739,664 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010/03/17 22:57:00 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE
PRC - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2009/12/18 12:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/30 22:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/10/20 15:32:48 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/22 22:07:05 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppgooglenaclpluginchrome.dll
MOD - [2014/09/22 22:07:04 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
MOD - [2014/09/22 22:07:02 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014/09/22 22:06:58 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
MOD - [2014/09/22 22:06:56 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
MOD - [2014/09/22 22:06:55 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/14 15:50:58 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/18 16:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/13 14:03:52 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/04/25 14:02:52 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/14 20:41:21 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/31 21:27:57 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/31 21:27:56 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/09/15 11:30:34 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2010/01/06 02:14:28 | 002,184,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/12/29 15:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/16 16:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2014/09/21 10:55:28 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/02 16:51:38 | 000,156,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014/03/30 19:36:58 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/12 13:19:38 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/05/06 21:34:22 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/15 13:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2010/03/17 22:57:00 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE -- (UNS)
SRV - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/01/06 01:53:54 | 001,791,280 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/18 12:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/10/20 12:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/09/30 22:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/28 19:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/25 14:02:52 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/04/25 14:02:52 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/04/18 16:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/21 00:49:42 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2011/06/21 00:49:42 | 000,027,384 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/04 20:56:37 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 20:41:27 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2011/02/14 20:41:24 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/02/14 20:41:24 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/14 20:41:22 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/14 20:41:22 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/31 21:27:58 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/29 21:30:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/11 16:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/07 12:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 12:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 12:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 12:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/10/26 14:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/20 12:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {BBF59EF2-27C4-4692-9E43-EE4528A3C1E4}
IE - HKLM\..\SearchScopes\{BBF59EF2-27C4-4692-9E43-EE4528A3C1E4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{BF9F5FC5-878E-4CBC-98FE-062D1C32D9EC}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpl
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {17BCDF80-EA01-4184-91E7-B532148BD0F1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{17BCDF80-EA01-4184-91E7-B532148BD0F1}: "URL" = https://ca.search.ya...p={SearchTerms}
IE - HKCU\..\SearchScopes\{BBF59EF2-27C4-4692-9E43-EE4528A3C1E4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{BF9F5FC5-878E-4CBC-98FE-062D1C32D9EC}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ualberta....rta.ca/portal/"
FF - prefs.js..extensions.enabledAddons: support%40wolfram.com:3.1.6
FF - prefs.js..extensions.enabledAddons: otis%40digitalpersona.com:5.0.0.4490
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.9.46
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.41
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.4248
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://ca.search.yah...h?fr=mcafee&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/08/23 19:10:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/09/08 11:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/08/18 22:38:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/08/18 22:38:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/08/18 22:38:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/08/18 22:38:21 | 000,000,000 | ---D | M]
 
[2011/01/17 00:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2014/09/15 18:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\extensions
[2013/11/09 14:09:04 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\extensions\[email protected]
[2014/09/15 18:30:08 | 000,105,495 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\extensions\[email protected]
[2014/09/14 15:27:49 | 000,226,542 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\extensions\[email protected]
[2011/07/01 16:15:51 | 000,028,892 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\extensions\[email protected]
[2014/09/15 18:30:07 | 000,540,395 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011/01/17 23:42:48 | 000,001,050 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\searchplugins\siteadvisor.xml
[2014/08/20 08:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/30 19:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/30 19:36:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/23 19:10:37 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES (X86)\DIGITALPERSONA\BIN\FIREFOXEXT
[2014/09/08 11:34:47 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: No name found = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Acresso Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_67)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_67)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C38CA0F2-7EB9-43D9-A0F7-E60C2031E362}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/21 12:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/04 09:12:39 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/04 08:59:20 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/04 08:59:20 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/04 08:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/04 08:51:57 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/04 08:51:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/04 08:51:20 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/28 15:35:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMichael.job
[2014/09/28 14:14:32 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/21 19:18:19 | 000,002,285 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/21 13:55:38 | 000,479,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/15 19:03:49 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/15 03:03:28 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/07 14:32:52 | 008,914,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/07 14:32:52 | 004,311,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/07 14:32:52 | 000,006,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2014/09/21 12:07:52 | 000,002,285 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/21 12:07:52 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/13 14:04:24 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/11/11 00:16:47 | 000,000,255 | ---- | C] () -- C:\Users\Michael\.Xauthority
[2011/11/11 00:15:10 | 000,000,600 | ---- | C] () -- C:\Users\Michael\AppData\Local\PUTTY.RND
[2011/10/10 15:25:23 | 000,004,096 | -H-- | C] () -- C:\Users\Michael\AppData\Local\keyfile3.drm
[2011/04/27 22:39:09 | 000,004,608 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/20 13:22:55 | 000,001,854 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\GhostObjGAFix.xml
[2011/02/01 11:55:03 | 000,000,145 | ---- | C] () -- C:\Users\Michael\webct_upload_applet.properties
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/11/04 16:47:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2013/11/12 17:13:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Arduino
[2012/11/23 20:55:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Audacity
[2014/08/18 21:48:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Autodesk
[2012/07/16 20:44:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Azureus
[2012/02/04 19:14:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DarknessIIDemo
[2011/01/16 22:34:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DigitalPersona
[2014/08/20 08:23:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2013/10/02 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\e-academy Inc
[2011/01/21 12:45:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Foxit Software
[2013/03/17 02:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Garmin
[2013/04/28 16:43:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ICAClient
[2011/01/17 22:45:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/03/09 23:25:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Maple
[2014/05/01 19:46:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Oracle
[2011/03/29 00:16:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
[2013/09/30 20:32:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Xilinx
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
 
< End of report >
 
Again, I appreciate the help. Hoping to hear back soon.
 
Cheers,
 
Michael

  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Michael,

 

Welcome to Geekstogo Malware forum.

 

I can see something in that log that might be part of your machines problems but before we go on let's have a look using a different tool which will give us a slightly different perspective.

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

 


  • 0

#3
ital_mike92

ital_mike92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hey emeraldnzl,

 

Thanks for having a look. Here is the FRST.txt file from the scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by Michael (administrator) on BLITZKRIEGS-PC on 11-10-2014 15:03:58
Running from C:\Users\Michael\Downloads
Loaded Profile: Michael (Available profiles: Michael)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DeviceVM, Inc.) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard ) C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acresso Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPToneControl] => C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-12-16] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-01-31] (IDT, Inc.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3571644123-2064965057-3226276925-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [210208 2008-10-20] (Acresso Corporation)
HKU\S-1-5-21-3571644123-2064965057-3226276925-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3571644123-2064965057-3226276925-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3571644123-2064965057-3226276925-1001\...\Policies\Explorer: [] 
Lsa: [Notification Packages] DPPassFilter scecli
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {BF9F5FC5-878E-4CBC-98FE-062D1C32D9EC} URL = http://www.ask.com/w...}&l=dis&o=cahpl
SearchScopes: HKCU - DefaultScope {17BCDF80-EA01-4184-91E7-B532148BD0F1} URL = https://ca.search.ya...p={SearchTerms}
SearchScopes: HKCU - {17BCDF80-EA01-4184-91E7-B532148BD0F1} URL = https://ca.search.ya...p={SearchTerms}
SearchScopes: HKCU - {BF9F5FC5-878E-4CBC-98FE-062D1C32D9EC} URL = http://www.ask.com/w...}&l=dis&o=cahpl
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default
FF Homepage: hxxp://www.ualberta.ca/|https://eclass.srv.ualberta.ca/portal/
FF Keyword.URL: hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\searchplugins\siteadvisor.xml
FF Extension: Foxit PDF Creator Toolbar - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\Extensions\[email protected] [2013-11-09]
FF Extension: InvisibleHand - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\Extensions\[email protected] [2011-06-11]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\Extensions\[email protected] [2014-09-14]
FF Extension: Wolfram Toolbar - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\Extensions\[email protected] [2011-03-24]
FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-03-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-08-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-01-17]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.ece.engineering.ualberta.ca/
CHR StartupUrls: Default -> "https://www.google.ca/", "https://www.facebook.com/", "https://www.linkedin.com/", "hxxp://totale.rosettastone.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-21]
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-21]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-21]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-21]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-21]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-21]
CHR Extension: (SiteAdvisor) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-21]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-14] (SUPERAntiSpyware.com)
R2 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-02-08] (DeviceVM, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-12] (Garmin Ltd or its subsidiaries)
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-09-23] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2011-06-21] (Jungo)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2011-06-21] (Xilinx, Inc.)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 15:03 - 2014-10-11 15:05 - 00021528 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-10-11 15:03 - 2014-10-11 15:04 - 00000000 ____D () C:\FRST
2014-10-11 15:02 - 2014-10-11 15:03 - 02109952 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-10-04 09:00 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-04 09:00 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 20:49 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:49 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 20:49 - 2014-05-08 03:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-23 20:49 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-23 20:49 - 2014-01-08 20:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-23 20:49 - 2014-01-03 16:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-21 12:07 - 2014-09-28 14:14 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 12:07 - 2014-09-21 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-21 11:08 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-21 11:08 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-21 11:08 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-21 11:08 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-21 11:08 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-21 11:08 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-21 11:08 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-21 11:08 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-21 11:08 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-21 11:08 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-21 11:08 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-21 11:08 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-21 11:08 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-21 11:08 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-21 11:08 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-21 11:08 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-21 11:08 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-21 11:08 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-21 11:08 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-21 11:08 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-21 11:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-21 11:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-21 11:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-21 11:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-21 11:02 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-21 11:02 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-21 11:02 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-21 11:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-21 11:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-21 11:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-21 11:02 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-21 11:02 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-15 03:06 - 2014-08-19 12:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 03:06 - 2014-08-19 11:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 03:06 - 2014-08-18 17:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 03:06 - 2014-08-18 16:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 03:06 - 2014-08-18 16:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-15 03:06 - 2014-08-18 16:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 03:06 - 2014-08-18 16:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 03:06 - 2014-08-18 16:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 03:06 - 2014-08-18 16:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 03:06 - 2014-08-18 16:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 03:06 - 2014-08-18 16:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 03:06 - 2014-08-18 16:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-15 03:06 - 2014-08-18 16:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 03:06 - 2014-08-18 16:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 03:06 - 2014-08-18 16:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 03:06 - 2014-08-18 16:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-15 03:06 - 2014-08-18 16:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 03:06 - 2014-08-18 16:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-15 03:06 - 2014-08-18 16:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-15 03:06 - 2014-08-18 15:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 03:06 - 2014-08-18 15:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-15 03:06 - 2014-08-18 15:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 03:06 - 2014-08-18 15:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-15 03:06 - 2014-08-18 15:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 03:06 - 2014-08-18 15:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 03:06 - 2014-08-18 15:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-15 03:06 - 2014-08-18 15:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-15 03:06 - 2014-08-18 15:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 03:06 - 2014-08-18 15:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 03:06 - 2014-08-18 15:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 03:06 - 2014-08-18 15:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 03:06 - 2014-08-18 15:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 03:06 - 2014-08-18 15:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 03:06 - 2014-08-18 15:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-15 03:06 - 2014-08-18 15:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-15 03:06 - 2014-08-18 15:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-15 03:06 - 2014-08-18 15:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 03:06 - 2014-08-18 15:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 03:06 - 2014-08-18 15:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 03:06 - 2014-08-18 15:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 03:06 - 2014-08-18 15:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-15 03:06 - 2014-08-18 15:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 03:06 - 2014-08-18 15:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 03:06 - 2014-08-18 15:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 03:06 - 2014-08-18 15:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 03:06 - 2014-08-18 15:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 03:06 - 2014-08-18 15:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 03:06 - 2014-08-18 15:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 03:06 - 2014-08-18 15:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 03:06 - 2014-08-18 15:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 03:06 - 2014-08-18 15:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-15 03:06 - 2014-08-18 14:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 03:06 - 2014-08-18 14:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 03:06 - 2014-08-18 14:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 03:06 - 2014-08-18 14:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 03:06 - 2014-08-18 14:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-15 03:01 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-15 03:01 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-14 15:16 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-14 15:16 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-14 15:16 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-14 15:16 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-14 15:14 - 2014-09-04 20:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-14 15:14 - 2014-09-04 20:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-14 15:14 - 2014-07-06 20:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-14 15:14 - 2014-07-06 20:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-14 15:14 - 2014-07-06 19:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-14 15:14 - 2014-07-06 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-14 15:14 - 2014-07-06 19:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 15:03 - 2010-06-08 03:45 - 01783574 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 15:00 - 2012-10-13 13:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\Akamai
2014-10-11 14:59 - 2014-08-20 08:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 14:59 - 2011-01-17 23:43 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-11 14:59 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 14:58 - 2010-06-08 03:50 - 00495250 _____ () C:\Windows\PFRO.log
2014-10-11 14:58 - 2009-07-13 22:51 - 00145941 _____ () C:\Windows\setupact.log
2014-10-04 10:12 - 2014-08-20 08:14 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-04 09:55 - 2012-04-05 16:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-04 09:48 - 2011-10-20 17:23 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-10-04 09:48 - 2009-07-13 23:08 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-04 09:35 - 2014-08-18 15:52 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMichael
2014-10-04 09:35 - 2014-08-18 15:52 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForMichael.job
2014-10-04 09:24 - 2011-03-05 18:26 - 00000000 ____D () C:\Users\Michael\Desktop\Security & System
2014-10-04 08:59 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 08:59 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 14:35 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-09-22 00:42 - 2011-01-16 23:07 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 13:55 - 2009-07-13 22:45 - 00479072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-21 12:07 - 2014-08-20 08:14 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-21 12:07 - 2014-08-20 08:14 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-21 12:07 - 2014-08-20 08:14 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-21 12:07 - 2011-01-17 23:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\Google
2014-09-21 11:12 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-21 11:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-21 11:07 - 2013-08-22 21:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-21 10:55 - 2014-04-29 12:55 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-21 10:55 - 2012-04-05 16:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-21 10:55 - 2012-04-05 16:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-21 10:55 - 2011-05-22 14:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 19:03 - 2014-08-19 10:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 03:10 - 2010-03-01 14:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 03:03 - 2012-05-07 00:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-15 03:03 - 2011-08-23 18:51 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-15 03:03 - 2011-01-17 20:54 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-15 03:03 - 2011-01-17 20:54 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-15 03:00 - 2014-05-08 23:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-14 15:54 - 2011-01-17 23:21 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-14 15:04 - 2014-08-20 08:16 - 00000000 ___RD () C:\Users\Michael\Google Drive
2014-09-14 15:03 - 2011-01-16 22:34 - 00000000 ____D () C:\Users\Michael
2014-09-14 15:01 - 2011-11-18 20:13 - 00000000 ____D () C:\Windows\system32\Macromed
2014-09-14 15:01 - 2010-03-01 14:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-14 15:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\schemas
2014-09-14 15:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-14 15:00 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-28 14:29
 
==================== End Of Log ============================
 
And here is the Addition.txt file:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by Michael at 2014-10-11 15:06:32
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{FB07515A-48AC-9996-16EE-3A3DC8CF8D8E}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Bus Driver (x32 Version: 2.2.0.82 - WildTangent) Hidden
Carbonite Online Backup Setup (HKLM-x32\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0909.1412.23625 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help English (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help French (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help German (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
ccc-utility64 (Version: 2010.0909.1412.23625 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Contents (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.116 - Corel Corporation)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.286 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version:  - Microsoft)
DeviceIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Foxit PDF Creator Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Foxit PDF Creator Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.35882 - Ask.com) <==== ATTENTION
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.0.1110 - Foxit Corporation)
Free YouTube Downloader 3.5.128 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{22cb5aae-d413-47c3-9710-95a7d3c3027d}) (Version: 2.1.11 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
Ghost Recon Demo (HKLM-x32\...\{A3DEE8B9-2585-46F8-A490-5334BCABECA8}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10144.3282 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3727 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.0.3727 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.2.2513 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.2.2513 - Hewlett-Packard) Hidden
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.0.3722 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.0.3722 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.0.3722 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.2511 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 4.0.2511 - Hewlett-Packard) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
HP QuickWeb Installer (HKLM-x32\...\{394FA67A-FF0A-4356-BB77-D85E5A300BDE}) (Version: 1.2.9.1 - DeviceVM Inc.)
HP Setup (HKLM-x32\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)
HP SimplePass Identity Protection (HKLM\...\{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}) (Version: 5.20.205 - DigitalPersona, Inc.)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Tone Control (HKLM\...\{9207D4A1-586E-49CA-A002-FC9F475AB1A3}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0177 (HKLM-x32\...\{8DA0CD14-79DF-49BF-B133-409C004F27E1}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{0279C882-B150-44B6-A769-A7C8A2F31CE3}) (Version: 4.0.3.2 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
ICA (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
IPM_PSP_Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
ISCOM (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
ISCOM (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.54.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneNote 2013 (HKLM-x32\...\Office15.ONENOTER) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneNote 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden
PureHD (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) Hidden
Rosetta Stone Ltd Services (HKLM-x32\...\{FFF186B6-4D02-4D8D-A776-C43E062E01A9}) (Version: 3.2.18 - Rosetta Stone Ltd.)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0700 - Seagate) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Setup (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
Share (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Share64 (Version: 1.6.0.286 - Corel Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpywareBlaster 4.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.4.0 - Javacool Software LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Darkness II Demo (HKLM-x32\...\Steam App 204410) (Version:  - Digital Extremes)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.ONENOTER_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.ONENOTER_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.ONENOTER_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{1B208923-2810-414F-82CC-AFFC1B19563F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{6171BC1B-907E-44D4-930A-4AE0D9260E65}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.ONENOTER_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.ONENOTER_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.ONENOTER_{C20FB0E0-31F6-4958-B94D-AEF3CC31FD87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.ONENOTER_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.ONENOTER_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.ONENOTER_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.ONENOTER_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.ONENOTER_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.ONENOTER_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.ONENOTER_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Validity Sensors DDK (HKLM\...\{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}) (Version: 4.1.129.0 - Validity Sensors, Inc.)
VIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
VSClassic (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
VSPro (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe No File
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll No File
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
14-09-2014 21:19:24 Windows Update
15-09-2014 09:00:35 Windows Update
16-09-2014 00:38:11 Removed Google Drive
21-09-2014 16:31:28 Windows Update
21-09-2014 17:02:42 Windows Update
28-09-2014 19:28:36 Windows Update
04-10-2014 15:03:50 Windows Update
11-10-2014 21:01:46 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0DF7F7EC-74A9-4676-888E-A14CADFCC61B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {1B883CAA-8A7B-44D5-8C85-822EE51C95F1} - System32\Tasks\HPCeeScheduleForMichael => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {1F991B34-F757-4825-A8B7-6AD62A3F696C} - System32\Tasks\{A2935058-989F-430C-A902-DF70322F2221} => C:\Program Files (x86)\LTC\LTspiceIV\scad3.exe
Task: {29A8E15E-B6A0-4D04-BD67-D1D8C46F078A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {359B888B-57E0-4009-99C1-FCDE9AD2F752} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe
Task: {3C2DAABD-0A6D-4052-BFC3-3907727FDC6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {5652D60D-3F93-4FE1-9D4D-545899EEEFB6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {57660DB0-9848-4D7A-BD0C-D1B86F773BF7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2012-10-29] (Hewlett-Packard)
Task: {583C2AAE-DD5C-4517-9D0C-3FC1E5E03583} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {5966829C-D5CA-45DD-A35F-9658A1955A81} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {64FD8ED9-7D01-430A-B397-10FB76AB8203} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2012-10-29] (Hewlett-Packard)
Task: {7024B66E-182E-4A4D-9B1A-C05DD81E11D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-21] (Adobe Systems Incorporated)
Task: {7A03EA4D-4B65-47D8-8ED9-18E36A2ED390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {84149C61-8FAF-4A00-93EA-1EBCE74CFDD1} - System32\Tasks\Disk Cleanup Schedule => C:\Windows\System32\cleanmgr.exe [2009-07-13] (Microsoft Corporation)
Task: {9023BB49-9D0A-42C8-BE7D-D95AD5FD1BD4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {91C89376-3C87-4C33-8300-8D3E61F6F300} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F0C10EB-81E6-45BD-8C46-92D450412915} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {AB5FBD00-E5A2-4F16-9A1A-2A95A0663E21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {B366F239-4B32-40B9-BA65-98EA7AB66DEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {B38E37E9-C58E-491D-B226-5CDF9CE54AF4} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {B80AABAA-95E1-4416-8224-BE3425B7D9AC} - System32\Tasks\Error Checking Schedule => C:\Windows\System32\chkdsk.exe [2009-07-13] (Microsoft Corporation)
Task: {C208DCD7-B300-459D-A16D-C045C2AF2C4D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-01-24] () <==== ATTENTION
Task: {EEC2766D-99DE-4BD3-95DB-AE08CF4D4C9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMichael.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-19 01:53 - 2010-01-19 01:53 - 00124560 _____ () c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll
2010-01-20 17:20 - 2010-01-20 17:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-01-18 16:04 - 2010-01-18 16:04 - 00020480 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2010-09-09 16:50 - 2010-09-09 16:50 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-09 15:11 - 2010-09-09 15:11 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-12-16 16:51 - 2009-12-16 16:51 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2009-12-16 16:51 - 2009-12-16 16:51 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-28 14:14 - 2014-09-22 22:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-28 14:14 - 2014-09-22 22:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-28 14:14 - 2014-09-22 22:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-28 14:14 - 2014-09-22 22:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-28 14:14 - 2014-09-22 22:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CarboniteSetupLite => "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: igndlm.exe => C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3571644123-2064965057-3226276925-500 - Administrator - Disabled)
Guest (S-1-5-21-3571644123-2064965057-3226276925-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3571644123-2064965057-3226276925-1002 - Limited - Enabled)
Michael (S-1-5-21-3571644123-2064965057-3226276925-1001 - Administrator - Enabled) => C:\Users\Michael
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/11/2014 03:00:55 PM) (Source: MsiInstaller) (EventID: 11310) (User: Blitzkriegs-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Michael\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/11/2014 03:00:14 PM) (Source: MsiInstaller) (EventID: 11310) (User: Blitzkriegs-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Michael\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/04/2014 10:40:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_Winmgmt, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xa40
Faulting application start time: 0xsvchost.exe_Winmgmt0
Faulting application path: svchost.exe_Winmgmt1
Faulting module path: svchost.exe_Winmgmt2
Report Id: svchost.exe_Winmgmt3
 
Error: (10/04/2014 10:02:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Garmin.Cartography.MapUpdate.CoreService.exe, version: 2.1.11.0, time stamp: 0x513f71b7
Faulting module name: clr.dll, version: 4.0.30319.18444, time stamp: 0x52717e84
Exception code: 0xc00000fd
Fault offset: 0x003793f2
Faulting process id: 0x910
Faulting application start time: 0xGarmin.Cartography.MapUpdate.CoreService.exe0
Faulting application path: Garmin.Cartography.MapUpdate.CoreService.exe1
Faulting module path: Garmin.Cartography.MapUpdate.CoreService.exe2
Report Id: Garmin.Cartography.MapUpdate.CoreService.exe3
 
Error: (10/04/2014 09:48:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 1.0.0.0, time stamp: 0x4b5407f0
Faulting module name: HPMSGSVC.exe, version: 1.0.0.0, time stamp: 0x4b5407f0
Exception code: 0xc0000005
Fault offset: 0x00000000000029ae
Faulting process id: 0xe88
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3
 
Error: (10/04/2014 09:48:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000060
Faulting process id: 0x338
Faulting application start time: 0xsvchost.exe_ProfSvc0
Faulting application path: svchost.exe_ProfSvc1
Faulting module path: svchost.exe_ProfSvc2
Report Id: svchost.exe_ProfSvc3
 
Error: (10/04/2014 09:05:28 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (10/04/2014 08:53:41 AM) (Source: MsiInstaller) (EventID: 11310) (User: Blitzkriegs-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Michael\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/04/2014 08:53:13 AM) (Source: MsiInstaller) (EventID: 11310) (User: Blitzkriegs-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Michael\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (09/29/2014 06:21:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_Winmgmt, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x630
Faulting application start time: 0xsvchost.exe_Winmgmt0
Faulting application path: svchost.exe_Winmgmt1
Faulting module path: svchost.exe_Winmgmt2
Report Id: svchost.exe_Winmgmt3
 
 
System errors:
=============
Error: (10/11/2014 02:58:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:24:48 PM on ‎04/‎10/‎2014 was unexpected.
 
Error: (10/04/2014 10:24:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
Error: (10/04/2014 10:22:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
Error: (10/04/2014 10:21:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
Error: (10/04/2014 10:19:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
Error: (10/04/2014 10:18:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
Error: (10/04/2014 10:16:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
Error: (10/04/2014 10:15:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
Error: (10/04/2014 10:13:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
Error: (10/04/2014 10:12:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
 
Microsoft Office Sessions:
=========================
Error: (12/03/2013 10:32:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5519 seconds with 4200 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 56%
Total physical RAM: 3893.86 MB
Available physical RAM: 1678.34 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4886.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:442.1 GB) (Free:305.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:465.65 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:23.36 GB) (Free:3.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C154203F)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A51447D7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Michael,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Finally in this post

Please download : ADWCleaner to your desktop  (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs and click on the AdwCleaner icon.

scan-results.jpg

Click on Scan  and follow the prompts. Let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

So when you return please post

  • Fixlog.txt
  • JRT.txt
  • AdwCleaner log

 


  • 0

#5
ital_mike92

ital_mike92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hey emeraldnzl,

 

Below are the three logs.

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-10-2014
Ran by Michael at 2014-10-11 15:43:20 Run:1
Running from C:\Users\Michael\Desktop
Loaded Profile: Michael (Available profiles: Michael)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {BF9F5FC5-878E-4CBC-98FE-062D1C32D9EC} URL = http://www.ask.com/w...}&l=dis&o=cahpl
SearchScopes: HKCU - DefaultScope {17BCDF80-EA01-4184-91E7-B532148BD0F1} URL = https://ca.search.ya...p={SearchTerms}
SearchScopes: HKCU - {17BCDF80-EA01-4184-91E7-B532148BD0F1} URL = https://ca.search.ya...p={SearchTerms}
SearchScopes: HKCU - {BF9F5FC5-878E-4CBC-98FE-062D1C32D9EC} URL = http://www.ask.com/w...}&l=dis&o=cahpl
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
c:\Program Files (x86)\McAfee\SiteAdvisor
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
FF Keyword.URL: hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\searchplugins\siteadvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-01-17]
CHR Extension: (SiteAdvisor) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-21]
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-09-23] (McAfee, Inc.)
c:\Program Files (x86)\McAfee
Task: {C208DCD7-B300-459D-A16D-C045C2AF2C4D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-01-24] () <==== ATTENTION
C:\Program Files (x86)\Ask.com
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
C:\ProgramData\Temp:5C321E34
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
"HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BF9F5FC5-878E-4CBC-98FE-062D1C32D9EC}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BF9F5FC5-878E-4CBC-98FE-062D1C32D9EC}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{17BCDF80-EA01-4184-91E7-B532148BD0F1}" => Key deleted successfully.
"HKCR\CLSID\{17BCDF80-EA01-4184-91E7-B532148BD0F1}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF9F5FC5-878E-4CBC-98FE-062D1C32D9EC}" => Key deleted successfully.
"HKCR\CLSID\{BF9F5FC5-878E-4CBC-98FE-062D1C32D9EC}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
c:\Program Files (x86)\McAfee\SiteAdvisor => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
"HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => Key not found.
"HKCR\PROTOCOLS\Handler\dssrequest" => Key deleted successfully.
"HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\sacore" => Key deleted successfully.
"HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\dssrequest" => Key not found.
"HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\sacore" => Key not found.
"HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key not found.
Firefox Keyword.URL deleted successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\searchplugins\siteadvisor.xml => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value deleted successfully.
C:\Program Files (x86)\McAfee\SiteAdvisor not found.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho => Moved successfully.
McAfee SiteAdvisor Service => Service stopped successfully.
McAfee SiteAdvisor Service => Service deleted successfully.
c:\Program Files (x86)\McAfee => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C208DCD7-B300-459D-A16D-C045C2AF2C4D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C208DCD7-B300-459D-A16D-C045C2AF2C4D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\ProgramData\Temp:5C321E34" => File/Directory not found.
 
==== End of Fixlog ====
 
JRT.txt:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Michael on 11/10/2014 at 15:49:04.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
Successfully deleted: [Folder] "C:\Users\Michael\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{19630B28-E958-4D1E-BD00-D5281A392F10}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6452AB92-6E27-458A-9262-A0187E14ABF4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{76C676EA-B404-4997-A0BC-7D4B1A08458C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9AADEB59-6A90-4C35-834D-B90E46581E2D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B61632E4-BE7E-4697-A1AF-4DEFEE87CF8A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CB5D73C4-6DBA-4487-94D2-ED42A148885A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E4668EEA-4021-4D22-ACCF-CB83C793C42C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F34B289C-AA0D-4ECF-87C7-76197890FEC4}
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\9uxih5tz.default\extensions\[email protected]
Successfully deleted the following from C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\9uxih5tz.default\prefs.js
 
user_pref("extensions.asktb.cbid", "F3");
user_pref("extensions.asktb.crumb", "2011.01.21+11.42.51-toolbar003iad-CA-RWRtb250b24sQ2FuYWRh");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
user_pref("extensions.asktb.dtid", "YYYYYYYYCA");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1295638970662");
user_pref("extensions.asktb.locale", "en_US");
user_pref("extensions.asktb.o", "101703");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.search-suggestions-enabled", true);
Emptied folder: C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\9uxih5tz.default\minidumps [20 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/10/2014 at 15:52:37.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner[S0].txt:
 
# AdwCleaner v3.311 - Report created 11/10/2014 at 16:02:46
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Michael - BLITZKRIEGS-PC
# Running from : C:\Users\Michael\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4870 octets] - [11/10/2014 16:01:25]
AdwCleaner[S0].txt - [4674 octets] - [11/10/2014 16:02:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4734 octets] ##########
 

Things are starting to look better :D

 

Michael


  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

Things are starting to look better xbiggrin.png.pagespeed.ic.XhpYJIv77v.png

 

Making progress then. :)

 

Now

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open notepad and past in the clipboard list. Save it as ESET log somewhere that you can find .
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

 

 


  • 0

#7
ital_mike92

ital_mike92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hey emeraldnzl,

 

I ran the scan, and it returned no results. My computer's running great now, like new! :D I just have a few questions:

1. What do you suspect the issue/issues were?

2. Do you have somewhere you could point me to on this website or somewhere else to give ways to make my computer secure/run smoothly?

 

Thanks for the all of the help. Definitely couldn't have done it myself haha.

 

Cheers,

 

Michael


  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello again Michael,
 

My computer's running great now, like new!


Excellent news. :thumbsup:
 

What do you suspect the issue/issues were


You had some foistware there, some of which had hijacked your browsers search engine.
 

Do you have somewhere you could point me to on this website or somewhere else to give ways to make my computer secure/run smoothly


See some tips below, hopefully they will go someway towards answering your question.

Now

Here is a little tool developed by OldTimer at this site. It is completely safe and will clear out the temp (rubbish) files on your machine.

Download TFC.exe from  here (Vista and above users right click and run as Administrator).

If you are asked "Do you want to allow the following program..." click yes.

The "Temp file cleaner by Oldtimer" console will pop up. Click continue and allow it to do it's job.

You may be asked to reboot when it is finished. Please do so.

If you are not asked to reboot you may be confronted with two windows. One will be the Temp File Cleaner console with a report of what has been cleaned. The other will just be a window showing your libraries etc. They can both be closed.

You are finished.

Next

We have a couple of last steps to perform and then you're all set. :)

Please go here to download OTC.

Run this program to remove some of the tools we have been using.

You may be asked to reboot the machine to finish the Cleanup process choose Yes.

To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

TFC can be deleted but it might be a useful tool to keep. I have it on my machine and run it once a week just to clean up my computer.

Any remaining tools may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
 

  • In the left pane, click System protection. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.

-------------------------------------------------------------------------------------------------------------------

A reminder:  Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

A while back over 100 million Adobe users e-mail and other information were hacked. Users were asked to change their passwords following the hack and you can go to the link below to check your e-mail to see whether you were one of the 150 million.

https://lastpass.com/adobe/

If you are on the list, all passwords should be changed including those used for banking, email, eBay, paypal and online forums.

------------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicous programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.
 

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.

       
  • Click Start > Control Panel > Add or Remove Programs
       
  • Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomeware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
 

 


  • 0

#9
ital_mike92

ital_mike92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hey emeraldnzl,

 

All of these tips look great and will help me soon. However, after a day of use, it appears that there are still problems with my PC :(

 

I can shut it down now (which is nice), but I'm noticing behaviour such as:

 

1. Google Chrome begins to act slow with only four tabs open (pages will freeze)

2. When I click my HP Support Assistant (it says important action is needed), the PC looks like it's thinking, but won't open it.

3. When I try to go CTRL+ALT+DEL to see which processes are hogging up memory, the screen goes black and I get an error message that says: "Failure to display security and shutdown options", and then it says stuff about it couldn't display those when I pressed CTRL+ALT+DEL and if the OS doesn't respond I can press the escape key or restart the computer with the power switch. When I press ok, it goes back to my desktop.

4. I tried to delete the old system restore points as suggested, it said some error message about not being able to find something. Now, when I click "System Properties", nothing happens; no window pops up.

 

I guess this is a bit more complicated than I thought. Do you have anything in mind to investigate or change? Let me know.

 

Cheers,

 

Michael


  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hmm... might be something else there or maybe some conflict going on.

 

You might try these actions to see if there is any change.

 

1.Open an elevated command prompt. To do this, go to Start > All Programs > Accessories  right-click Command Prompt and click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
2.At the command prompt, type the following command, and then press ENTER:
 
sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
 

And

 

Please run Chkdsk:
 

  • Right click on the Start > Open Windows Explorer.
  • Find the hard drive letter (usually local disk C)  for which you want to run the Chkdsk utility.
  • Right-click on the driver letter and select Properties > Tools.
  • Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  • Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  • Click Start.
  • Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer. Shut down your computer and then turn it back on, Chkdsk will run.

 

If there is no improvement after those actions then we can have another look.

 

Download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

 

Tell me how you get on. :)


  • 0

Advertisements


#11
ital_mike92

ital_mike92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hey emeraldnzl,

 

Sorry for the delay, it was a busy weekend. I ran the sfc scan (it didn't turn up anything) and ran the chkdsk. Let it run overnight, so I didn't see if it picked up anything. The computer seemed to run nice afterward, but the performance quickly degraded again. Another strange behaviour I noticed is that my HP Wireless Assistant shows a small red x (suggesting I'm not connected to wifi or that it is shut off), but I can still connect. The Farbar scan results are below:

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Michael (administrator) on BLITZKRIEGS-PC on 13-10-2014 20:06:46
Running from C:\Users\Michael\Desktop
Loaded Profile: Michael (Available profiles: Michael)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DeviceVM, Inc.) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard ) C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Acresso Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPToneControl] => C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-12-16] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-01-31] (IDT, Inc.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3571644123-2064965057-3226276925-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [210208 2008-10-20] (Acresso Corporation)
HKU\S-1-5-21-3571644123-2064965057-3226276925-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3571644123-2064965057-3226276925-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3571644123-2064965057-3226276925-1001\...\Policies\Explorer: [] 
Lsa: [Notification Packages] DPPassFilter scecli
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default
FF Homepage: hxxp://www.ualberta.ca/|https://eclass.srv.ualberta.ca/portal/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: InvisibleHand - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\Extensions\[email protected] [2011-06-11]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\Extensions\[email protected] [2014-09-14]
FF Extension: Wolfram Toolbar - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\Extensions\[email protected] [2011-03-24]
FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9uxih5tz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-03-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-08-23]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.ece.engineering.ualberta.ca/
CHR StartupUrls: Default -> "https://www.google.ca/", "https://www.facebook.com/", "https://www.linkedin.com/", "hxxp://totale.rosettastone.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-21]
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-21]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-21]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-21]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-21]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-21]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-14] (SUPERAntiSpyware.com)
R2 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-02-08] (DeviceVM, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-12] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2011-06-21] (Jungo)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2011-06-21] (Xilinx, Inc.)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 20:06 - 2014-10-13 20:08 - 00018770 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-10-13 20:06 - 2014-10-13 20:06 - 00000000 ____D () C:\FRST
2014-10-13 20:05 - 2014-10-13 20:06 - 02110464 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-10-13 08:54 - 2014-10-13 08:54 - 00002223 _____ () C:\Users\Michael\Desktop\HP Support Assistant.lnk
2014-10-13 08:54 - 2014-10-13 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-10-13 08:50 - 2014-10-13 08:50 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-10-11 16:20 - 2014-10-11 16:20 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieUserList
2014-10-11 16:20 - 2014-10-11 16:20 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieSiteList
2014-10-11 16:05 - 2014-10-13 20:03 - 00000012 ____H () C:\dvmexp.idx
2014-10-11 16:04 - 2014-10-11 16:04 - 00000000 ___HD () C:\dvmexp
2014-10-11 15:49 - 2014-10-11 15:49 - 00000000 ____D () C:\Windows\ERUNT
2014-10-04 09:00 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-04 09:00 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 20:49 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:49 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 20:49 - 2014-05-08 03:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-23 20:49 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-23 20:49 - 2014-01-08 20:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-23 20:49 - 2014-01-03 16:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-21 12:07 - 2014-09-28 14:14 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 12:07 - 2014-09-21 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-21 11:08 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-21 11:08 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-21 11:08 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-21 11:08 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-21 11:08 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-21 11:08 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-21 11:08 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-21 11:08 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-21 11:08 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-21 11:08 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-21 11:08 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-21 11:08 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-21 11:08 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-21 11:08 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-21 11:08 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-21 11:08 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-21 11:08 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-21 11:08 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-21 11:08 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-21 11:08 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-21 11:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-21 11:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-21 11:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-21 11:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-21 11:02 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-21 11:02 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-21 11:02 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-21 11:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-21 11:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-21 11:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-21 11:02 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-21 11:02 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-15 03:06 - 2014-08-19 12:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 03:06 - 2014-08-19 11:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 03:06 - 2014-08-18 17:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 03:06 - 2014-08-18 16:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 03:06 - 2014-08-18 16:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-15 03:06 - 2014-08-18 16:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 03:06 - 2014-08-18 16:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 03:06 - 2014-08-18 16:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 03:06 - 2014-08-18 16:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 03:06 - 2014-08-18 16:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 03:06 - 2014-08-18 16:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 03:06 - 2014-08-18 16:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-15 03:06 - 2014-08-18 16:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 03:06 - 2014-08-18 16:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 03:06 - 2014-08-18 16:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 03:06 - 2014-08-18 16:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-15 03:06 - 2014-08-18 16:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 03:06 - 2014-08-18 16:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-15 03:06 - 2014-08-18 16:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-15 03:06 - 2014-08-18 15:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 03:06 - 2014-08-18 15:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-15 03:06 - 2014-08-18 15:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 03:06 - 2014-08-18 15:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-15 03:06 - 2014-08-18 15:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 03:06 - 2014-08-18 15:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 03:06 - 2014-08-18 15:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-15 03:06 - 2014-08-18 15:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-15 03:06 - 2014-08-18 15:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 03:06 - 2014-08-18 15:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 03:06 - 2014-08-18 15:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 03:06 - 2014-08-18 15:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 03:06 - 2014-08-18 15:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 03:06 - 2014-08-18 15:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 03:06 - 2014-08-18 15:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-15 03:06 - 2014-08-18 15:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-15 03:06 - 2014-08-18 15:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-15 03:06 - 2014-08-18 15:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 03:06 - 2014-08-18 15:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 03:06 - 2014-08-18 15:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 03:06 - 2014-08-18 15:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 03:06 - 2014-08-18 15:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-15 03:06 - 2014-08-18 15:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 03:06 - 2014-08-18 15:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 03:06 - 2014-08-18 15:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 03:06 - 2014-08-18 15:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 03:06 - 2014-08-18 15:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 03:06 - 2014-08-18 15:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 03:06 - 2014-08-18 15:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 03:06 - 2014-08-18 15:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 03:06 - 2014-08-18 15:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 03:06 - 2014-08-18 15:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-15 03:06 - 2014-08-18 14:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 03:06 - 2014-08-18 14:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 03:06 - 2014-08-18 14:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 03:06 - 2014-08-18 14:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 03:06 - 2014-08-18 14:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-15 03:01 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-15 03:01 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-14 15:16 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-14 15:16 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-14 15:16 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-14 15:16 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-14 15:14 - 2014-09-04 20:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-14 15:14 - 2014-09-04 20:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-14 15:14 - 2014-07-06 20:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-14 15:14 - 2014-07-06 20:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-14 15:14 - 2014-07-06 19:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-14 15:14 - 2014-07-06 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-14 15:14 - 2014-07-06 19:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 20:09 - 2014-08-20 08:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 20:08 - 2011-10-20 17:23 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-10-13 20:08 - 2009-07-13 23:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-13 20:08 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-13 20:06 - 2010-06-08 03:45 - 01938926 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 20:03 - 2012-10-13 13:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\Akamai
2014-10-13 20:01 - 2009-07-13 22:51 - 00146557 _____ () C:\Windows\setupact.log
2014-10-13 09:55 - 2012-04-05 16:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 09:16 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 09:16 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 09:12 - 2014-08-20 08:14 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 08:54 - 2010-03-01 14:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-13 08:54 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Help
2014-10-13 08:51 - 2010-03-01 14:06 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-13 08:49 - 2010-03-01 14:13 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-13 08:49 - 2009-09-06 18:40 - 00000000 ____D () C:\SwSetup
2014-10-11 22:33 - 2011-03-05 18:26 - 00000000 ____D () C:\Users\Michael\Desktop\Security & System
2014-10-11 22:20 - 2009-07-13 23:13 - 00006210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-11 16:05 - 2011-10-20 08:07 - 00000000 ____D () C:\TEMP
2014-10-11 16:03 - 2010-06-08 03:50 - 00495564 _____ () C:\Windows\PFRO.log
2014-09-28 14:35 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-09-22 00:42 - 2011-01-16 23:07 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 13:55 - 2009-07-13 22:45 - 00479072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-21 12:07 - 2014-08-20 08:14 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-21 12:07 - 2014-08-20 08:14 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-21 12:07 - 2014-08-20 08:14 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-21 12:07 - 2011-01-17 23:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\Google
2014-09-21 11:12 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-21 11:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-21 11:07 - 2013-08-22 21:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-21 10:55 - 2014-04-29 12:55 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-21 10:55 - 2012-04-05 16:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-21 10:55 - 2012-04-05 16:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-21 10:55 - 2011-05-22 14:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 19:03 - 2014-08-19 10:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 03:10 - 2010-03-01 14:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 03:03 - 2012-05-07 00:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-15 03:03 - 2011-08-23 18:51 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-15 03:03 - 2011-01-17 20:54 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-15 03:03 - 2011-01-17 20:54 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-15 03:00 - 2014-05-08 23:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-14 15:54 - 2011-01-17 23:21 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-14 15:04 - 2014-08-20 08:16 - 00000000 ___RD () C:\Users\Michael\Google Drive
2014-09-14 15:03 - 2011-01-16 22:34 - 00000000 ____D () C:\Users\Michael
2014-09-14 15:01 - 2011-11-18 20:13 - 00000000 ____D () C:\Windows\system32\Macromed
2014-09-14 15:01 - 2010-03-01 14:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-14 15:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\schemas
2014-09-14 15:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-14 15:00 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
 
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\sp64126.exe
C:\Users\Michael\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-11 18:22
 
==================== End Of Log ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Michael at 2014-10-13 20:09:23
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{FB07515A-48AC-9996-16EE-3A3DC8CF8D8E}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Bus Driver (x32 Version: 2.2.0.82 - WildTangent) Hidden
Carbonite Online Backup Setup (HKLM-x32\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0909.1412.23625 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help English (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help French (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help German (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
ccc-utility64 (Version: 2010.0909.1412.23625 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Contents (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.116 - Corel Corporation)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.286 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version:  - Microsoft)
DeviceIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.0.1110 - Foxit Corporation)
Free YouTube Downloader 3.5.128 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{22cb5aae-d413-47c3-9710-95a7d3c3027d}) (Version: 2.1.11 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
Ghost Recon Demo (HKLM-x32\...\{A3DEE8B9-2585-46F8-A490-5334BCABECA8}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10144.3282 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3727 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.0.3727 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.2.2513 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.2.2513 - Hewlett-Packard) Hidden
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.0.3722 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.0.3722 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.0.3722 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.2511 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 4.0.2511 - Hewlett-Packard) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
HP QuickWeb Installer (HKLM-x32\...\{394FA67A-FF0A-4356-BB77-D85E5A300BDE}) (Version: 1.2.9.1 - DeviceVM Inc.)
HP Setup (HKLM-x32\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)
HP SimplePass Identity Protection (HKLM\...\{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}) (Version: 5.20.205 - DigitalPersona, Inc.)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Tone Control (HKLM\...\{9207D4A1-586E-49CA-A002-FC9F475AB1A3}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0177 (HKLM-x32\...\{8DA0CD14-79DF-49BF-B133-409C004F27E1}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{0279C882-B150-44B6-A769-A7C8A2F31CE3}) (Version: 4.0.3.2 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
ICA (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
IPM_PSP_Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
ISCOM (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
ISCOM (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.54.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneNote 2013 (HKLM-x32\...\Office15.ONENOTER) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneNote 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden
PureHD (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) Hidden
Rosetta Stone Ltd Services (HKLM-x32\...\{FFF186B6-4D02-4D8D-A776-C43E062E01A9}) (Version: 3.2.18 - Rosetta Stone Ltd.)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0700 - Seagate) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Setup (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
Share (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Share64 (Version: 1.6.0.286 - Corel Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpywareBlaster 4.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.4.0 - Javacool Software LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Darkness II Demo (HKLM-x32\...\Steam App 204410) (Version:  - Digital Extremes)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.ONENOTER_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.ONENOTER_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.ONENOTER_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{1B208923-2810-414F-82CC-AFFC1B19563F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{6171BC1B-907E-44D4-930A-4AE0D9260E65}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.ONENOTER_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.ONENOTER_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.ONENOTER_{C20FB0E0-31F6-4958-B94D-AEF3CC31FD87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.ONENOTER_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.ONENOTER_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.ONENOTER_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.ONENOTER_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.ONENOTER_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.ONENOTER_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.ONENOTER_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-00A1-0000-0000-0000000FF1CE}_Office15.ONENOTER_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Validity Sensors DDK (HKLM\...\{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}) (Version: 4.1.129.0 - Validity Sensors, Inc.)
VIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
VSClassic (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
VSPro (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe No File
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll No File
CustomCLSID: HKU\S-1-5-21-3571644123-2064965057-3226276925-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
13-10-2014 07:18:37 Scheduled Checkpoint
13-10-2014 14:50:48 Installed HP Support Assistant
13-10-2014 14:52:58 Windows Modules Installer
13-10-2014 14:53:45 Windows Modules Installer
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1F991B34-F757-4825-A8B7-6AD62A3F696C} - System32\Tasks\{A2935058-989F-430C-A902-DF70322F2221} => C:\Program Files (x86)\LTC\LTspiceIV\scad3.exe
Task: {29A8E15E-B6A0-4D04-BD67-D1D8C46F078A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {359B888B-57E0-4009-99C1-FCDE9AD2F752} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe
Task: {5652D60D-3F93-4FE1-9D4D-545899EEEFB6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {57660DB0-9848-4D7A-BD0C-D1B86F773BF7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {5966829C-D5CA-45DD-A35F-9658A1955A81} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {64FD8ED9-7D01-430A-B397-10FB76AB8203} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {7024B66E-182E-4A4D-9B1A-C05DD81E11D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-21] (Adobe Systems Incorporated)
Task: {7A03EA4D-4B65-47D8-8ED9-18E36A2ED390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {82BB755A-499F-462F-82F6-18F68C4D22FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2013-11-04] (Hewlett-Packard Company)
Task: {84149C61-8FAF-4A00-93EA-1EBCE74CFDD1} - System32\Tasks\Disk Cleanup Schedule => C:\Windows\System32\cleanmgr.exe [2009-07-13] (Microsoft Corporation)
Task: {9023BB49-9D0A-42C8-BE7D-D95AD5FD1BD4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {91C89376-3C87-4C33-8300-8D3E61F6F300} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F0C10EB-81E6-45BD-8C46-92D450412915} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B366F239-4B32-40B9-BA65-98EA7AB66DEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {B38E37E9-C58E-491D-B226-5CDF9CE54AF4} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {B80AABAA-95E1-4416-8224-BE3425B7D9AC} - System32\Tasks\Error Checking Schedule => C:\Windows\System32\chkdsk.exe [2009-07-13] (Microsoft Corporation)
Task: {EFFE648B-A782-4314-B471-269652BA9B35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-19 01:53 - 2010-01-19 01:53 - 00124560 _____ () c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll
2010-01-18 16:04 - 2010-01-18 16:04 - 00020480 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2010-01-20 17:20 - 2010-01-20 17:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-09-09 16:50 - 2010-09-09 16:50 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-09 15:11 - 2010-09-09 15:11 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-12-16 16:51 - 2009-12-16 16:51 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2009-12-16 16:51 - 2009-12-16 16:51 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CarboniteSetupLite => "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: igndlm.exe => C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3571644123-2064965057-3226276925-500 - Administrator - Disabled)
Guest (S-1-5-21-3571644123-2064965057-3226276925-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3571644123-2064965057-3226276925-1002 - Limited - Enabled)
Michael (S-1-5-21-3571644123-2064965057-3226276925-1001 - Administrator - Enabled) => C:\Users\Michael
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/13/2014 08:07:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 1.0.0.0, time stamp: 0x4b5407f0
Faulting module name: HPMSGSVC.exe, version: 1.0.0.0, time stamp: 0x4b5407f0
Exception code: 0xc0000005
Fault offset: 0x00000000000029ae
Faulting process id: 0xf50
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3
 
Error: (10/13/2014 08:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000060
Faulting process id: 0x3b4
Faulting application start time: 0xsvchost.exe_ProfSvc0
Faulting application path: svchost.exe_ProfSvc1
Faulting module path: svchost.exe_ProfSvc2
Report Id: svchost.exe_ProfSvc3
 
Error: (10/13/2014 08:03:55 PM) (Source: MsiInstaller) (EventID: 11310) (User: Blitzkriegs-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Michael\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/13/2014 08:03:26 PM) (Source: MsiInstaller) (EventID: 11310) (User: Blitzkriegs-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Michael\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/13/2014 10:07:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_Winmgmt, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x600
Faulting application start time: 0xsvchost.exe_Winmgmt0
Faulting application path: svchost.exe_Winmgmt1
Faulting module path: svchost.exe_Winmgmt2
Report Id: svchost.exe_Winmgmt3
 
Error: (10/13/2014 10:03:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Garmin.Cartography.MapUpdate.CoreService.exe, version: 2.1.11.0, time stamp: 0x513f71b7
Faulting module name: clr.dll, version: 4.0.30319.18444, time stamp: 0x52717e84
Exception code: 0xc00000fd
Fault offset: 0x003793f2
Faulting process id: 0x8f0
Faulting application start time: 0xGarmin.Cartography.MapUpdate.CoreService.exe0
Faulting application path: Garmin.Cartography.MapUpdate.CoreService.exe1
Faulting module path: Garmin.Cartography.MapUpdate.CoreService.exe2
Report Id: Garmin.Cartography.MapUpdate.CoreService.exe3
 
Error: (10/13/2014 09:51:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 1.0.0.0, time stamp: 0x4b5407f0
Faulting module name: HPMSGSVC.exe, version: 1.0.0.0, time stamp: 0x4b5407f0
Exception code: 0xc0000005
Fault offset: 0x00000000000029ae
Faulting process id: 0xd78
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3
 
Error: (10/13/2014 09:51:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000060
Faulting process id: 0x1d0
Faulting application start time: 0xsvchost.exe_ProfSvc0
Faulting application path: svchost.exe_ProfSvc1
Faulting module path: svchost.exe_ProfSvc2
Report Id: svchost.exe_ProfSvc3
 
Error: (10/13/2014 08:46:35 AM) (Source: MsiInstaller) (EventID: 11310) (User: Blitzkriegs-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Michael\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/13/2014 08:46:14 AM) (Source: MsiInstaller) (EventID: 11310) (User: Blitzkriegs-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Michael\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
 
System errors:
=============
Error: (10/13/2014 08:08:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: 
%%1056
 
Error: (10/13/2014 08:07:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/13/2014 08:07:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/13/2014 08:07:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/13/2014 08:07:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/13/2014 08:07:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/13/2014 08:07:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/13/2014 08:07:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/13/2014 08:07:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/13/2014 08:07:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (12/03/2013 10:32:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5519 seconds with 4200 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 49%
Total physical RAM: 3893.86 MB
Available physical RAM: 1981.77 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5433.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:442.1 GB) (Free:312.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:465.65 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:23.36 GB) (Free:3.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C154203F)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A51447D7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Cheers,
 
Michael

  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Michael,

 

Let's see if this makes a difference.

 

Open notepad.

Please copy the contents of the code box below.

To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []
C:\Program Files (x86)\McAfee
CMD: ipconfig /flushdns
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh winsock reset all
CMD: netsh int ip reset all
EmptyTemp:

This Registry file is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 


  • 0

#13
ital_mike92

ital_mike92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Here emeraldnzl,

 

Here is the Fixlog.txt file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by Michael at 2014-10-13 21:04:39 Run:1
Running from C:\Users\Michael\Desktop
Loaded Profile: Michael (Available profiles: Michael)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []
C:\Program Files (x86)\McAfee
CMD: ipconfig /flushdns
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh winsock reset all
CMD: netsh int ip reset all
EmptyTemp:
*****************
 
C:\Program Files (x86)\McAfee\SiteAdvisor not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
"C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx" => File/Directory not found.
"C:\Program Files (x86)\McAfee" => File/Directory not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::c068:b1e:68a1:7974%13
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 14:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:388a:d8c:3f57:feb6
   Link-local IPv6 Address . . . . . : fe80::388a:d8c:3f57:feb6%22
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.telus:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : telus
   Link-local IPv6 Address . . . . . : fe80::c068:b1e:68a1:7974%13
   IPv4 Address. . . . . . . . . . . : 192.168.1.73
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 14:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:28b7:2e3c:3f57:feb6
   Link-local IPv6 Address . . . . . : fe80::28b7:2e3c:3f57:feb6%22
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.telus:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : telus
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset all =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 112 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Michael,

 

Are you still getting the small red x by your wifi? Tell me when you come back. :)

 

For now

 

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • When the scan is done Notepad will open with rKill log. Please copy and past that in your reply.

Note: rKill.txt log can also be found on your desktop.

 


  • 0

#15
ital_mike92

ital_mike92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hey emeraldnzl,

 

At the moment, there is no red x on the adapter icon. Not saying it won't come back later though :/

 

rKill didn't seem to find anything. Here's the log:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/14/2014 04:48:09 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/14/2014 04:49:13 PM
Execution time: 0 hours(s), 1 minute(s), and 4 seconds(s)
 
Cheers,
 
Michael

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP