Computer crashes when not in Safe Mode [Closed]


  • This topic is locked

#1
onnaday

  • Member
  • 26 posts

Good Morning!

 

We have been having issues with the computer crashing as soon as we connect to the internet. It started when viewing any video and continued to get worse. I tried running Windows Updates and HP Updates to see if that would fix the problem, but neither helped. I am hopeful that one of the experts here can help. The OTL is attached.

 

Thanks ~ Onnaday

 

 

 

OTL logfile created on: 11/1/2014 9:18:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mom\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.87 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 82.36% Memory free
9.89 Gb Paging File | 9.17 Gb Available in Paging File | 92.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.83 Gb Total Space | 287.88 Gb Free Space | 63.57% Space Free | Partition Type: NTFS
Drive D: | 12.93 Gb Total Space | 1.78 Gb Free Space | 13.74% Space Free | Partition Type: NTFS
 
Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/01 09:17:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Downloads\OTL.exe
PRC - [2014/09/24 00:08:52 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/24 00:09:18 | 003,715,184 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011/04/08 16:06:50 | 000,295,424 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2010/02/17 19:25:42 | 000,181,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 16:55:52 | 000,055,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/10/26 10:53:17 | 000,254,016 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/10/06 10:38:49 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/09/24 00:09:08 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/15 13:19:02 | 000,089,352 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/05/07 18:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/12/09 10:26:07 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/29 19:30:10 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009/03/30 07:41:56 | 000,151,552 | ---- | M] (Livescribe) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2007/04/13 11:20:22 | 000,097,432 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/12 20:38:00 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/15 13:35:26 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/11/25 02:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/23 02:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/09 21:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2010/11/09 21:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/07/22 14:42:20 | 000,024,576 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2009/06/22 17:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{42702B0B-C9A6-45FF-A76A-3B84C4ACFC37}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{470627EC-50FE-4C12-9E97-781485EB3CF3}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKLM\..\SearchScopes\{42702B0B-C9A6-45FF-A76A-3B84C4ACFC37}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{470627EC-50FE-4C12-9E97-781485EB3CF3}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.casualg...q={searchTerms}
IE - HKCU\..\SearchScopes\{42702B0B-C9A6-45FF-A76A-3B84C4ACFC37}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{470627EC-50FE-4C12-9E97-781485EB3CF3}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{6C9D2F79-E1FB-428C-8FBC-68FC01C533DD}: "URL" = http://search.freeca...p={searchTerms}
IE - HKCU\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = http://websearch.sea...47-E8E1535BB589
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.9.20.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0.21
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://websearch.sea...=YYYYYYS1US&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/23 21:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/23 21:15:08 | 000,000,000 | ---D | M]
 
[2010/01/21 14:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2014/09/13 20:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions
[2011/03/25 19:48:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/09/13 20:38:05 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2012/07/09 19:30:42 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions\[email protected]
[2010/12/26 13:43:00 | 000,000,000 | ---D | M] (SlingHealth) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions\[email protected]
[2013/11/21 14:49:12 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions\[email protected]
[2010/12/11 21:17:10 | 000,003,360 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\searchplugins\search-results.xml
[2014/09/23 21:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/26 21:37:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http://start.casualgames.com/?o=shp
CHR - Extension: SiteAdvisor = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\
CHR - Extension: avast! WebRep = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\
 
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Qualys BrowserCheck IE Helper) - {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} - C:\Windows\Downloaded Program Files\qbc_bho.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.109\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.109\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EA08207-2343-4ADE-B6CB-D8E7D27A2EDD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mom\Pictures\2009-08-11 summer 09\summer 09 034.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mom\Pictures\2009-08-11 summer 09\summer 09 034.JPG
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{79f51818-c539-11dd-9c1a-002354132958}\Shell - "" = AutoRun
O33 - MountPoints2\{79f51818-c539-11dd-9c1a-002354132958}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/26 10:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
[2014/10/18 20:03:48 | 000,000,000 | ---D | C] -- C:\dcc39b12c2316342209602a298
[2014/10/15 09:52:09 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/10/08 08:18:30 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\2014_10_08
[2014/10/06 10:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Mom\Documents\*.tmp files -> C:\Users\Mom\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/01 09:06:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/31 16:33:00 | 000,001,460 | ---- | M] () -- C:\Users\Mom\AppData\Local\d3d9caps64.dat
[2014/10/31 15:55:37 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/31 15:55:37 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/26 13:04:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000UA.job
[2014/10/26 12:17:14 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/26 12:17:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/26 10:54:00 | 000,002,184 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - hp.lnk
[2014/10/26 10:54:00 | 000,002,152 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2014/10/20 13:59:12 | 000,316,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/17 19:26:25 | 522,984,016 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/10/14 23:58:38 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000Core.job
[2014/10/12 20:38:00 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/12 17:18:47 | 000,000,162 | -H-- | M] () -- C:\Users\Mom\Documents\~$orage Cover Letter.wps
[2014/10/09 20:42:13 | 000,000,482 | ---- | M] () -- C:\Users\Mom\Documents\cc_20141009_204159.reg
[2014/10/07 20:32:49 | 000,000,896 | ---- | M] () -- C:\Users\Mom\Documents\cc_20141007_203239.reg
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Mom\Documents\*.tmp files -> C:\Users\Mom\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/12 17:18:47 | 000,000,162 | -H-- | C] () -- C:\Users\Mom\Documents\~$orage Cover Letter.wps
[2014/10/09 20:42:02 | 000,000,482 | ---- | C] () -- C:\Users\Mom\Documents\cc_20141009_204159.reg
[2014/10/08 17:57:00 | 522,984,016 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/10/07 20:32:41 | 000,000,896 | ---- | C] () -- C:\Users\Mom\Documents\cc_20141007_203239.reg
[2014/03/02 13:09:29 | 000,100,352 | ---- | C] () -- C:\Users\Mom\10380455.dot
[2012/01/30 23:03:48 | 000,001,460 | ---- | C] () -- C:\Users\Mom\AppData\Local\d3d9caps64.dat
[2010/06/27 10:10:48 | 000,001,356 | ---- | C] () -- C:\Users\Mom\AppData\Local\d3d9caps.dat
[2009/04/04 22:05:43 | 000,061,224 | ---- | C] () -- C:\Users\Mom\GoToAssistDownloadHelper.exe
[2009/03/10 20:38:55 | 000,049,664 | ---- | C] () -- C:\Users\Mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/19 21:40:53 | 000,029,820 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 11:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2009/04/18 21:08:13 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\acccore
[2012/06/17 21:26:11 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Anarchy
[2011/12/15 16:00:42 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Atari
[2013/03/29 22:13:44 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\AVG2013
[2008/11/20 23:08:17 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Canon
[2010/08/08 00:09:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\FrostWire
[2011/03/19 09:59:11 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Gamelab
[2008/12/21 00:32:29 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Gold Casual Games
[2012/06/19 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\HdO Adventure
[2010/03/02 09:56:08 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Inspiration Software
[2009/06/13 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\iWin
[2011/12/15 15:58:26 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Leadertech
[2009/03/10 18:09:54 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Meridian93
[2009/08/09 13:17:15 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\MusicNet
[2009/01/04 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\NewSoft
[2012/07/08 20:22:22 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Oberon Media
[2012/06/21 19:49:24 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Oberonv1001
[2012/06/19 19:01:02 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Oberonv1002
[2013/09/13 22:37:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Oracle
[2009/07/23 10:41:51 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\QQ Games Plugin
[2014/09/13 20:38:06 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\qualys
[2008/11/20 09:26:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ScanSoft
[2009/01/07 17:47:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\SecretIslandEng
[2010/12/26 13:43:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Sling Media
[2010/03/02 09:55:45 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Softland
[2009/05/27 15:30:44 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\SpinTop
[2012/07/08 20:32:52 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\SpinTop Games
[2011/03/19 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\SPORE Creature Creator
[2014/09/04 22:02:09 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Spotify
[2008/11/19 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Template
[2010/08/02 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TimeCalcPro
[2013/03/29 22:12:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TuneUp Software
[2012/06/15 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangent
[2009/01/14 22:52:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangentv1001
[2009/02/14 16:33:06 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangentv1005
[2008/11/27 22:27:57 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:30C74695
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:E0648389
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:402E8B54
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:822DC04E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:3C7F3296
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C15430E0
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:178D4338
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4AC9B4B7

< End of report >

OTL Extras logfile created on: 11/1/2014 9:18:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mom\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.87 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 82.36% Memory free
9.89 Gb Paging File | 9.17 Gb Available in Paging File | 92.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.83 Gb Total Space | 287.88 Gb Free Space | 63.57% Space Free | Partition Type: NTFS
Drive D: | 12.93 Gb Total Space | 1.78 Gb Free Space | 13.74% Space Free | Partition Type: NTFS
 
Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 73 84 4B AA 07 6D CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BED8589-E5A4-4CBD-B7A7-D827CF3927B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0E1D9B6B-20AA-4FFF-9CF2-92303BF3599A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2D716D58-25F5-41B0-8BE7-B59C214C3051}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3EABE1FD-FCAC-4700-8941-4B44B436041A}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{C9170C4E-8D14-47E6-8336-61EC0653AB99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00655F11-83B7-4CAB-921F-7C7BFCB0C7C5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{007983DE-AB06-4037-94AF-67BF8EB5F3A7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0255C1F5-60A7-4CB2-9623-A68C7B53FC0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{09B09FCF-D147-47CD-B54A-9B0F08D87FCF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{09E6A2E6-B855-48B4-910C-658449722DE6}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{0F767ECD-7E7B-4294-9FE2-34778970AA43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F101F61-6DE8-4E5E-86F2-E8FC1CC3C0A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{220F8DEC-E82C-4AE0-A9B6-D62D08A67CF6}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{2BFA2DC9-E455-4DE7-9DED-77386D35C837}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2FB3A894-3C39-4864-96FD-CABD6FE1A0BB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{381EA46D-C68C-495A-917A-347ED4FBA4D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47613990-ACBE-4A32-91A3-1B9A9AA910C4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{4AF67053-6B56-4659-AA27-97F5D34FB4C0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4BC07BEE-7FA0-48B6-8DC3-E7BC988BC4BC}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{583F54C5-6F8A-49A6-AE93-E2CC0FF56D3D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{617D21CD-2109-41AF-9B8E-6D86A9A93A16}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{64B3C386-AB4F-488D-923F-600DD5C0F694}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{6E924960-B80D-4101-B287-248953AE199E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{7106915D-54A4-496A-ADF8-7F45AF5C1E55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{8454357A-627D-4EB8-949B-29FD170EB6E4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{8B52FC55-6AED-4C4B-B1D9-A2E0E577BB1E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{90129FBD-B50D-42BA-9085-E6B1AC13BE72}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{A8710028-EB29-4F52-B90E-079B4FF6FF2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B3933F82-C9A1-44DA-A5BC-4AD3CD525FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B47B14D5-6482-4A41-8208-6A34BB1AD6A6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BD07EEC2-5430-49AB-A4E0-EFB50830C984}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{BDF49356-6D98-4384-87E1-97FC3654900D}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{BF3E40DA-CF1E-42E2-A1C8-90D5E0AD9BCA}" = dir=in | app=c:\users\mom\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{C00E2430-32BF-4922-8AFF-4D8D8F367409}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CC4DBCA8-BC3C-4D12-ABC3-125491F095C4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{D3648357-6DDB-44F3-988A-FA1A8C8FFAC0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D4370E52-7FF1-41AF-B6B9-0C5832897BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D593CE1B-B503-457F-A206-62BFFC5D2DBE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DAB3966C-2F23-40C1-BB18-BC7AA91CEFDC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{DE1AE676-FF33-4839-A26D-02956C4724E8}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{DFED6007-2FC6-4AB4-8A22-B1D5D8422A01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC9AF0DF-FDA6-47F1-B49F-6FCE4E0288B3}" = dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"{ED80D71A-2E4A-4E5E-8BEC-940563B5DC3D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EE11DDD8-74CA-4DEC-BD62-9CF2C4815199}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{F62A060D-E540-4323-BD7A-D382AA411C0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{F298138E-056B-4B85-9487-8ED4899F5029}C:\users\mom\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mom\appdata\roaming\spotify\spotify.exe |
"TCP Query User{FA780B92-6336-48E6-B2A0-F27CE2D6C361}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{806F6903-C7CA-4FC3-9CC7-763A2ED8AB92}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{D0D25A4B-6765-4C03-B7B1-74C067F4E9D8}C:\users\mom\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mom\appdata\roaming\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4274C1D4-6234-42EC-88B4-98817F662028}" = AVG 2013
"{4F619492-25AA-438F-A403-CFCEA3EC647B}" = AVG 2013
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"1ECD657E4445D4F72EB15751A07E4215BA450674" = Windows Driver Package - Livescribe (PulseUsb) DigitalPen  (07/22/2009 2.1.6.0)
"AVG" = AVG 2013
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Inspiration 9 PDF Driver_is1" = Inspiration 9 PDF Driver (novaPDF 7.0 printer)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Puran Defrag_is1" = Puran Defrag 7.3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2008
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}" = HP Support Solutions Framework
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App for HP
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ABB977BD-2CBF-4C4D-BB4C-AB415AA42DAA}" = Livescribe™ Desktop
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}" = Hoyle Card Games 2005
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"117485130" = Mystery P.I. - Lost in Los Angeles
"118744537" = Mystery PI The London Caper
"119285220" = Mystery P.I. - Stolen in San Francisco
"510005524" = Around the World in Eighty Days - Extended Edition
"510005536" = Mystery P.I. The Curious Case of Counterfeit Cove
"510005691" = Vacation Quest - Australia
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Aim Plugin for QQ Games" = Aim Plugin for QQ Games
"AIM_7" = AIM 7
"AIMTunes" = AIMTunes
"ATT-PRT22" = ATT-PRT22
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"GamesBar" = GamesBar 2.0.1.109
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"Inspiration 9" = Inspiration 9
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Standard)
"Logitech Vid" = Logitech Vid HD
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Mystery P.I. - The Vegas Heist" = Mystery P.I. - The Vegas Heist
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Product_Name" = Ouba
"QQ Games" = QQ Games
"RC_Vista.exe" = RC_Vista.exe
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 22000" = World of Goo
"Steam App 22010" = World of Goo Demo
"TabIt for Windows_is1" = TabIt version 2.03
"TimeCalcPro" = TimeCalcPro
"Video Mover_is1" = Video Mover
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-611499fc-c89b-41cd-ba93-3a7abc48036d" = Island Wars 2 Christmas Edition
"WTA-a9fd9b42-80d1-4d8f-b200-653c3cf9dcd1" = Ghost Encounters: Deadwood
"WTA-c9c0cf9c-042d-49af-b503-ff1c852c8b72" = Crazy Chicken Kart 2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/25/2014 9:41:25 PM | Computer Name = Mom-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 10/25/2014 9:41:36 PM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/26/2014 10:18:30 AM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/26/2014 10:32:27 AM | Computer Name = Mom-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 10/26/2014 1:06:50 PM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/26/2014 1:08:50 PM | Computer Name = Mom-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 10/31/2014 4:59:37 PM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/31/2014 5:32:01 PM | Computer Name = Mom-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 11/1/2014 10:08:11 AM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11/1/2014 10:11:56 AM | Computer Name = Mom-PC | Source = EventSystem | ID = 4609
Description =
 
[ System Events ]
Error - 10/31/2014 5:32:01 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/31/2014 5:32:09 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/31/2014 5:32:09 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11/1/2014 10:08:11 AM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 11/1/2014 10:08:11 AM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 11/1/2014 10:08:11 AM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 11/1/2014 10:11:46 AM | Computer Name = Mom-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11/1/2014 10:11:56 AM | Computer Name = Mom-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11/1/2014 10:12:04 AM | Computer Name = Mom-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11/1/2014 10:12:04 AM | Computer Name = Mom-PC | Source = DCOM | ID = 10005
Description =
 
 
< End of report >


Edited by onnaday, 01 November 2014 - 09:41 AM.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, sorry for the delay. Could I have a fresh look, please?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

#3
onnaday

    Member

  • Topic Starter
  • Member
  • 26 posts

Thanks so much for taking the time to assist me!

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Mom (administrator) on MOM-PC on 06-11-2014 15:08:14
Running from C:\Users\Mom\Downloads
Loaded Profile: Mom (Available profiles: Mom)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-04-29] (Affinegy, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
HKLM\...\RunOnce: [PCDrProfiler] => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [102912 2008-09-09] (PC-Doctor, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3385600622-3777350188-503640899-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3385600622-3777350188-503640899-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3385600622-3777350188-503640899-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3385600622-3777350188-503640899-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
HKU\S-1-5-21-3385600622-3777350188-503640899-1000\...\MountPoints2: {79f51818-c539-11dd-9c1a-002354132958} - L:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...nType=tb50trie7
SearchScopes: HKLM-x32 - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.casualg...q={searchTerms}
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...nType=tb50trie7
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.casualg...q={searchTerms}
SearchScopes: HKCU - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {6C9D2F79-E1FB-428C-8FBC-68FC01C533DD} URL = http://search.freeca...p={searchTerms}
SearchScopes: HKCU - {C7576B9D-B442-46bc-AF74-080A9E723E01} URL = http://websearch.sea...47-E8E1535BB589
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Qualys BrowserCheck IE Helper -> {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} -> C:\Windows\Downloaded Program Files\qbc_bho.dll (Qualys, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.109\oberontb.dll (Oberon Media Ltd.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.109\oberontb.dll (Oberon Media Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx
DPF: HKLM-x32 {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/armhelper.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default
FF SearchEngineOrder.1: Search-Results
FF Homepage: hxxp://www.aol.com/
FF Keyword.URL: hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=FW-SRS&o=16074&locale=en_US&apn_uid=68F78CDC-0616-4940-8420-ECDEA2A2E99D&apn_ptnrs=OC&apn_sauid=0D551703-16AF-4E8B-9347-E8E1535BB589&apn_dtid=YYYYYYS1US&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pack.google.com/Google Updater;version=13 -> C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\searchplugins\search-results.xml
FF Extension: Oberon GamesBar - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\[email protected] [2012-07-09]
FF Extension: SlingHealth - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\[email protected] [2010-12-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-25]
FF Extension: Qualys BrowserCheck - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2014-09-13]
FF Extension: Test Pilot - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\[email protected] [2011-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-26]

Chrome:
=======
CHR Profile: C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-07-24]
CHR Extension: (avast! WebRep) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2011-07-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-04-29] (Affinegy, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-26] (WildTangent)
S2 gupdate1c99932c93e7d83; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-07-21] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
S4 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [151552 2009-03-30] (Livescribe) [File not signed]
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [295424 2011-04-08] (Puran Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [24576 2009-07-22] (Windows ® Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 15:08 - 2014-11-06 15:09 - 00024574 _____ () C:\Users\Mom\Downloads\FRST.txt
2014-11-06 15:07 - 2014-11-06 15:08 - 00000000 ____D () C:\FRST
2014-11-06 15:07 - 2014-11-06 15:07 - 02114560 _____ (Farbar) C:\Users\Mom\Downloads\FRST64.exe
2014-11-06 14:38 - 2014-11-06 14:38 - 00091136 _____ () C:\Users\Mom\Documents\Rental_Agreement_-_730_Allison.wps
2014-11-06 14:20 - 2014-11-06 14:20 - 00000000 ____D () C:\Users\Mom\Desktop\2014_11_06
2014-11-06 11:25 - 2014-11-06 11:25 - 00271720 _____ () C:\Windows\Minidump\Mini110614-01.dmp
2014-11-06 09:58 - 2014-11-06 09:58 - 00001628 _____ () C:\Windows\PFRO.log
2014-11-05 21:14 - 2014-11-05 21:14 - 00000000 ____D () C:\SUPERDelete
2014-11-05 21:13 - 2014-11-06 14:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-05 21:13 - 2014-11-05 21:13 - 00001758 _____ () C:\Users\Mom\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-05 21:10 - 2014-11-05 21:12 - 20170344 _____ (SUPERAntiSpyware) C:\Users\Mom\Downloads\SAS_5305.EXE
2014-11-05 20:38 - 2014-11-05 20:41 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mom\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-05 20:21 - 2014-11-05 20:22 - 00271720 _____ () C:\Windows\Minidump\Mini110514-01.dmp
2014-11-03 19:39 - 2014-11-03 19:39 - 00001073 _____ () C:\Users\Mom\Desktop\730_Rental_application-1 - Shortcut.lnk
2014-11-01 09:04 - 2014-11-01 09:04 - 00078392 _____ () C:\Users\Mom\Desktop\OTL.Txt
2014-11-01 08:32 - 2014-11-01 09:34 - 00062188 _____ () C:\Users\Mom\Downloads\Extras.Txt
2014-11-01 08:31 - 2014-11-01 08:56 - 00078392 _____ () C:\Users\Mom\Downloads\OTL.Txt
2014-11-01 08:17 - 2014-11-01 08:17 - 00602112 _____ (OldTimer Tools) C:\Users\Mom\Downloads\OTL.exe
2014-10-26 09:53 - 2014-11-02 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
2014-10-20 10:28 - 2014-09-27 17:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-20 10:28 - 2014-09-17 00:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-20 10:28 - 2014-09-16 10:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-20 10:23 - 2014-06-15 16:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-20 10:23 - 2014-06-15 16:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-20 10:23 - 2014-06-13 12:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-20 10:23 - 2014-06-13 12:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-20 10:23 - 2014-06-13 11:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-20 10:23 - 2014-06-13 11:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-20 10:22 - 2014-09-04 17:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-18 19:03 - 2014-10-18 19:04 - 00000000 ____D () C:\dcc39b12c2316342209602a298
2014-10-17 18:27 - 2014-10-17 18:27 - 00275960 _____ () C:\Windows\Minidump\Mini101714-01.dmp
2014-10-15 09:11 - 2014-09-19 18:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 09:11 - 2014-09-19 17:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 09:11 - 2014-09-19 17:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 09:11 - 2014-09-19 17:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 09:11 - 2014-09-19 17:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 09:11 - 2014-09-19 17:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 09:11 - 2014-09-19 17:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 09:11 - 2014-09-19 17:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 09:11 - 2014-09-19 17:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 09:11 - 2014-09-19 17:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 09:11 - 2014-09-19 17:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 09:11 - 2014-09-19 17:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 09:11 - 2014-09-19 17:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 09:11 - 2014-09-19 16:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 09:11 - 2014-09-19 16:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 09:11 - 2014-09-19 16:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 09:11 - 2014-09-19 16:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 09:11 - 2014-09-19 16:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 09:11 - 2014-09-19 16:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 09:11 - 2014-09-19 16:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 09:11 - 2014-09-19 16:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 09:11 - 2014-09-19 16:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 09:11 - 2014-09-19 16:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 09:10 - 2014-09-19 17:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 09:10 - 2014-09-19 17:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 09:10 - 2014-09-19 17:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 09:10 - 2014-09-19 16:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 09:10 - 2014-09-19 16:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 09:10 - 2014-09-19 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-15 08:52 - 2014-10-15 08:52 - 00000000 __SHD () C:\found.000
2014-10-13 10:39 - 2014-10-13 10:39 - 00275960 _____ () C:\Windows\Minidump\Mini101314-01.dmp
2014-10-12 16:18 - 2014-10-12 16:18 - 00000162 ____H () C:\Users\Mom\Documents\~$orage Cover Letter.wps
2014-10-10 17:21 - 2014-10-10 17:21 - 00275960 _____ () C:\Windows\Minidump\Mini101014-02.dmp
2014-10-10 09:22 - 2014-10-10 09:23 - 00275960 _____ () C:\Windows\Minidump\Mini101014-01.dmp
2014-10-09 19:42 - 2014-10-09 19:42 - 00000482 _____ () C:\Users\Mom\Documents\cc_20141009_204159.reg
2014-10-08 16:57 - 2014-11-06 11:24 - 406287712 _____ () C:\Windows\MEMORY.DMP
2014-10-08 16:57 - 2014-10-08 16:57 - 00275960 _____ () C:\Windows\Minidump\Mini100814-01.dmp
2014-10-08 07:18 - 2014-10-08 07:18 - 00000000 ____D () C:\Users\Mom\Desktop\2014_10_08
2014-10-07 19:32 - 2014-10-07 19:32 - 00000896 _____ () C:\Users\Mom\Documents\cc_20141007_203239.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 14:38 - 2008-11-19 20:40 - 00029764 _____ () C:\Users\Mom\AppData\Roaming\wklnhst.dat
2014-11-06 14:36 - 2014-07-30 20:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 14:18 - 2008-11-19 20:39 - 00003570 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-11-06 14:17 - 2009-06-30 08:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 14:15 - 2006-11-02 06:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 14:14 - 2014-06-09 19:39 - 01395940 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 14:14 - 2009-06-30 08:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 14:07 - 2012-05-15 09:02 - 00000000 ____D () C:\Windows\SysWOW64\logishrd
2014-11-06 14:07 - 2012-05-15 09:02 - 00000000 ____D () C:\Windows\system32\logishrd
2014-11-06 14:07 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 14:07 - 2006-11-02 09:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 14:07 - 2006-11-02 09:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 11:25 - 2011-07-16 23:52 - 00000000 ____D () C:\Windows\Minidump
2014-11-05 21:14 - 2008-09-06 02:38 - 00000000 ____D () C:\Program Files\AWS
2014-11-05 20:41 - 2014-07-30 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 20:41 - 2014-07-30 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 20:41 - 2013-02-03 18:17 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-05 20:10 - 2012-01-30 22:03 - 00001460 _____ () C:\Users\Mom\AppData\Local\d3d9caps64.dat
2014-11-04 11:57 - 2011-07-13 21:09 - 00003670 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7773CC6A-F13A-45CF-95B9-1FCA42AC7C7D}
2014-11-04 10:08 - 2014-08-27 15:58 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2014-11-04 10:08 - 2014-06-09 20:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-04 10:08 - 2014-06-09 20:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-04 10:06 - 2012-01-31 20:20 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\HpUpdate
2014-11-04 10:04 - 2012-09-17 20:59 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000UA.job
2014-11-03 10:41 - 2008-12-25 12:47 - 00000000 ____D () C:\Program Files (x86)\Ouba
2014-11-02 10:38 - 2011-12-15 13:12 - 00002152 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-11-02 10:38 - 2006-11-02 09:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-31 14:56 - 2006-11-02 09:42 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-28 05:34 - 2009-10-03 00:48 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 11:12 - 2009-06-30 08:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-26 11:12 - 2009-06-30 08:19 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-26 09:53 - 2011-12-15 13:11 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-10-20 12:59 - 2014-08-01 19:03 - 00316192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 10:25 - 2009-03-10 19:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 19:08 - 2008-11-19 19:54 - 00000000 ____D () C:\Users\Mom
2014-10-18 19:04 - 2013-08-06 08:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 19:04 - 2006-11-02 06:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-16 07:40 - 2013-03-25 10:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-14 22:58 - 2012-09-17 20:59 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000Core.job

Files to move or delete:
====================
C:\Users\chris.Mom-PC\jagex_runescape_preferences.dat
C:\Users\chris.Mom-PC\jagex_runescape_preferences2.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 14:19

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Mom at 2014-11-06 15:09:36
Running from C:\Users\Mom\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2060 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.3 64-bit (HKLM\...\{CFFF260C-F510-45BB-8F8E-1D4AC1232786}) (Version: 3.3.1 - Adobe)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Aim Plugin for QQ Games (HKLM-x32\...\Aim Plugin for QQ Games) (Version:  - )
AIMTunes (HKLM-x32\...\AIMTunes) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Around the World in Eighty Days - Extended Edition (HKLM-x32\...\510005524) (Version:  - Oberon Media)
AT&T Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
ATT-PRT22 (HKLM-x32\...\ATT-PRT22) (Version:  - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4031 - AVG Technologies) Hidden
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.3 - Belkin International, Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.10.1217.0 - Logitech) Hidden
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version:  - )
Canon MX310 series User Registration (HKLM-x32\...\Canon MX310 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: .1707 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version:  - Hewlett-Packard)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 1.2.0.159 (HKLM-x32\...\{7CAC6A44-C3DE-4153-ACA6-7524602C789E}) (Version: 1.2.159 - Skype Limited)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free Natural Text to Speech Reader 2008 (HKLM-x32\...\{3E5DA526-F420-45A6-9F27-D2B5246D6823}) (Version: 7.0 - NaturalSoft Limited)
GamesBar 2.0.1.109 (HKLM-x32\...\GamesBar) (Version: 2.0.1.109 - Oberon Media, Inc.)
Ghost Encounters: Deadwood (x32 Version: 2.2.0.110 - WildTangent) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.1536.6592 - Google Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4976.17 - PC-Doctor, Inc.)
Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2 - HP) Hidden
Hoyle Card Games 2005 (HKLM-x32\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Demo (HKLM-x32\...\{97ABD26A-3249-46CB-B2E2-F66E64B2E480}) (Version: 1.00.0000 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 4.0.0013 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Total Care Advisor (HKLM-x32\...\{F31E534B-4199-4552-8154-5C130710D68E}) (Version: 2.4.6651.2902 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
IKEA Home Planner (HKLM-x32\...\{B3276CB1-20B6-4AF9-AAEC-E72C83816495}) (Version: 2.0.3 - IKEA IT)
Inspiration 9 (HKLM-x32\...\Inspiration 9) (Version:  - )
Inspiration 9 PDF Driver (novaPDF 7.0 printer) (HKLM\...\Inspiration 9 PDF Driver_is1) (Version:  - Softland)
Island Wars 2 Christmas Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 6.1.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.1.0 - )
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2913 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}) (Version: 1.18.17.1 - LightScribe)
LightScribeTemplateLabeler (HKLM-x32\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Livescribe™ Desktop (HKLM-x32\...\{ABB977BD-2CBF-4C4D-BB4C-AB415AA42DAA}) (Version: 1.6 - Livescribe)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 Trial (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
muvee autoProducer 6.1 (HKLM-x32\...\{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}) (Version: 6.10.050 - muvee Technologies)
Mystery P.I. - Lost in Los Angeles (HKLM-x32\...\117485130) (Version:  - Oberon Media)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\119285220) (Version:  - Oberon Media)
Mystery P.I. - The Vegas Heist (HKLM-x32\...\Mystery P.I. - The Vegas Heist) (Version:  - Spintop Media, Inc)
Mystery P.I. The Curious Case of Counterfeit Cove (HKLM-x32\...\510005536) (Version:  - Oberon Media)
Mystery PI The London Caper (HKLM-x32\...\118744537) (Version:  - Oberon Media)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Ouba (HKLM-x32\...\Product_Name) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.4.3 - Pando Networks Inc.)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.4524 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3416 - CyberLink Corp.)
PowerDirector (x32 Version: 6.5.3416 - CyberLink Corp.) Hidden
Presto! PageManager 7.15.16 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
PSSWCORE (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
Puran Defrag 7.3 (HKLM\...\Puran Defrag_is1) (Version:  - Puran Software)
Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
QQ Games (HKLM-x32\...\QQ Games) (Version: 2.0.102.42 - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RC_Vista.exe (HKLM-x32\...\RC_Vista.exe) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Search-Results Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.9.1.0 - Search-Results.com) <==== ATTENTION
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TabIt version 2.03 (HKLM-x32\...\TabIt for Windows_is1) (Version: 2.03 - GTAB Software)
TimeCalcPro (HKLM-x32\...\TimeCalcPro) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - Australia (HKLM-x32\...\510005691) (Version:  - Oberon Media)
Video Mover (HKLM-x32\...\Video Mover_is1) (Version:  - )
VideoToolkit01 (x32 Version: 110.0.171.000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VoiceOver Kit (HKLM-x32\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - Livescribe (PulseUsb) DigitalPen  (07/22/2009 2.1.6.0) (HKLM\...\1ECD657E4445D4F72EB15751A07E4215BA450674) (Version: 07/22/2009 2.1.6.0 - Livescribe)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D Boy)
World of Goo Demo (HKLM-x32\...\Steam App 22010) (Version:  - 2D Boy)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3385600622-3777350188-503640899-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3385600622-3777350188-503640899-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Mom\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)

==================== Restore Points  =========================

12-09-2014 18:55:43 Windows Update
13-09-2014 13:46:17 Windows Update
14-09-2014 01:47:16 Installed QuickTime 7
14-09-2014 01:50:55 Installed Java 7 Update 67
14-09-2014 02:12:07 Removed Safari
16-09-2014 02:22:25 Scheduled Checkpoint
16-09-2014 23:31:38 Scheduled Checkpoint
18-09-2014 00:58:20 Scheduled Checkpoint
18-09-2014 22:06:21 Scheduled Checkpoint
21-09-2014 02:13:51 Scheduled Checkpoint
24-09-2014 15:55:15 Scheduled Checkpoint
25-09-2014 18:24:25 Windows Update
27-09-2014 19:54:35 Scheduled Checkpoint
30-09-2014 03:11:07 Installed HP Support Solutions Framework
30-09-2014 03:27:08 Installed PowerDirector
03-10-2014 00:18:20 Scheduled Checkpoint
06-10-2014 17:20:52 Scheduled Checkpoint
08-10-2014 01:35:05 Removed Search-results Toolbar.
08-10-2014 16:54:18 Scheduled Checkpoint
10-10-2014 22:00:52 Scheduled Checkpoint
19-10-2014 01:02:18 Windows Update
20-10-2014 16:18:24 Windows Update
25-10-2014 17:50:17 Windows Update
04-11-2014 16:09:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:34 - 2006-09-18 15:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {063A546A-C7D3-491F-9BB7-D141E7DCC475} - \e51c390 No Task File <==== ATTENTION
Task: {110E1048-C03F-42C3-90F8-0990F99D0DCF} - \a1842fb0 No Task File <==== ATTENTION
Task: {1D8A467C-144E-41FF-8C15-94DA41F0B248} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)
Task: {224C8F19-3511-4BEC-BA16-DC651AA5E4E5} - System32\Tasks\e00e0678 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup2556182840.exe <==== ATTENTION
Task: {2F7EEC38-788B-42D2-8ACD-9FAC04CB2B89} - \1f7c18d0 No Task File <==== ATTENTION
Task: {397D594C-A0E2-467E-8FF7-9E361148A0CA} - System32\Tasks\81e51ef8 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup1866563832.exe <==== ATTENTION
Task: {3DD2EA26-98D6-45BB-B4F7-CB00ED9906B2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000UA => C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-17] (Facebook Inc.)
Task: {4C1ED822-5346-4307-A5FF-0150B6714B04} - \12ab2cd0 No Task File <==== ATTENTION
Task: {51FE9926-0B0E-4FC0-8DB6-DFF96CA153E7} - System32\Tasks\86918cf8 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup1735533048.exe <==== ATTENTION
Task: {56104DAA-F5D6-4AEF-AAC1-BD1E096CD373} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION
Task: {60003BF8-1059-4A62-923F-3F596E843E17} - System32\Tasks\840cbff8 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup1431475384.exe <==== ATTENTION
Task: {616CB74F-DAFE-4BF0-8C41-238973831F7E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000Core => C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-17] (Facebook Inc.)
Task: {64EF11A1-197D-42B8-BB38-93E990329034} - System32\Tasks\bc6e78 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup4099323640.exe <==== ATTENTION
Task: {77F76502-E14B-4B8D-9F72-02B707D7D187} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {84744BB7-1210-4D14-BFD2-0C4F18AA943F} - \98e63790 No Task File <==== ATTENTION
Task: {8A8E3409-1EF5-40ED-9AF1-72D17FB03126} - \eeefc8b0 No Task File <==== ATTENTION
Task: {90983F74-14FF-4006-967F-DD528D1D5E21} - System32\Tasks\db79a078 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup2584068536.exe <==== ATTENTION
Task: {915B2204-D4FB-4FB4-A5BB-E40F06875D80} - System32\Tasks\89732e78 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup1940954424.exe <==== ATTENTION
Task: {929E2AFE-71A2-4398-9ED4-588E90CE5DFE} - System32\Tasks\5b30baf8 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup1060127544.exe <==== ATTENTION
Task: {9D78F7DE-038A-40B2-9E90-3954294F8D2D} - \b6678ed0 No Task File <==== ATTENTION
Task: {A20616A8-CF36-453F-BF1E-FB1F66F25FC0} - \ac718c30 No Task File <==== ATTENTION
Task: {AFEBA84A-CABB-447D-82E2-247CCF16F9D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B24A27F4-6DE7-4AC6-BE05-8F384DB3DF67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {C60B3259-012E-4C90-9720-21E10092851E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {C802469B-985D-4380-B2D4-191572223AAE} - System32\Tasks\f14393b8 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup2792545080.exe <==== ATTENTION
Task: {CA52D3D5-411E-44D3-B9AE-B6D0D71A78A0} - System32\Tasks\c1c886b8 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup2624271672.exe <==== ATTENTION
Task: {CE60A563-EFD5-4D27-AA6A-70220AAF5902} - \4928bdb0 No Task File <==== ATTENTION
Task: {DE44E2F3-CBE0-4173-8091-9A3CAB1CD91C} - System32\Tasks\11fb3fb8 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup3446173112.exe <==== ATTENTION
Task: {E9BAFC2E-B25E-45C5-93EA-3262AFA562F9} - System32\Tasks\8ce2a738 => C:\Users\CHRIS~1.MOM\AppData\Local\Temp\\setup1319358776.exe <==== ATTENTION
Task: {F84E5F6F-CC31-4969-AD6F-C1D5D878F036} - \ed3bb710 No Task File <==== ATTENTION
Task: {FB4DA0F4-DD86-4DD9-8BD6-82801FDECE4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {FFA8725B-9196-4EF9-8C30-D9EE6E406DF0} - System32\Tasks\{197A1618-8A14-4A8A-B964-A1AE35685E47} => Firefox.exe http://ui.skype.com/...;page=tsInstall
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000Core.job => C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000UA.job => C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-29 19:26 - 2010-02-17 18:25 - 00181760 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2012-01-29 19:26 - 2010-02-09 15:55 - 00055296 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2013-12-19 10:36 - 2013-12-19 10:36 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2012-01-29 19:26 - 2010-02-17 18:25 - 00149504 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2012-01-29 19:25 - 2011-04-29 18:30 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-29 19:25 - 2011-02-15 14:15 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2012-01-29 19:25 - 2011-02-15 14:15 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2012-01-29 19:25 - 2011-02-15 14:16 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2012-01-29 19:25 - 2011-02-15 14:15 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2012-01-29 22:26 - 2011-02-15 13:25 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2012-01-29 22:26 - 2011-04-29 17:55 - 00658432 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2014-09-26 20:37 - 2014-09-23 23:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-04 10:07 - 2014-11-04 10:08 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:178D4338
AlternateDataStreams: C:\ProgramData\TEMP:30C74695
AlternateDataStreams: C:\ProgramData\TEMP:3C7F3296
AlternateDataStreams: C:\ProgramData\TEMP:402E8B54
AlternateDataStreams: C:\ProgramData\TEMP:4AC9B4B7
AlternateDataStreams: C:\ProgramData\TEMP:822DC04E
AlternateDataStreams: C:\ProgramData\TEMP:C15430E0
AlternateDataStreams: C:\ProgramData\TEMP:E0648389

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-3385600622-3777350188-503640899-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: PenCommService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: ZuneNetworkSvc => 3
MSCONFIG\Services: ZuneWlanCfgSvc => 3
MSCONFIG\startupfolder: C:^Users^Mom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Facebook Update => "C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KBD => C:\HP\KBD\KbdStub.EXE
MSCONFIG\startupreg: LDTray => C:\Program Files (x86)\Livescribe\Livescribe Desktop\LDTray.exe
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: PATHlist => rundll32 "C:\Users\Mom\AppData\Local\Temp\diskpgrd.dll",DllEntryPoint
MSCONFIG\startupreg: Power2GoExpress => NA
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchEngineProtection => C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Mom\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3385600622-3777350188-503640899-500 - Administrator - Disabled)
Guest (S-1-5-21-3385600622-3777350188-503640899-501 - Limited - Disabled)
Mom (S-1-5-21-3385600622-3777350188-503640899-1000 - Administrator - Enabled) => C:\Users\Mom

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 02:08:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 11:28:55 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/06/2014 11:27:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 10:29:30 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/06/2014 10:00:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 08:30:53 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/05/2014 08:23:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 07:50:45 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/05/2014 07:46:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 00:18:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/06/2014 02:08:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3758162315 (0xE001018B)

Error: (11/06/2014 11:29:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/06/2014 11:29:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/06/2014 11:28:55 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/06/2014 11:28:43 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/06/2014 11:27:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AVGIDSDriver
Avgldx64
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (11/06/2014 11:27:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31

Error: (11/06/2014 11:27:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068

Error: (11/06/2014 11:25:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:08:51 AM on 11/6/2014 was unexpected.

Error: (11/06/2014 11:08:32 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-06 15:08:52.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-06 15:08:51.712
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-06 15:08:50.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-06 15:08:47.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-06 15:08:46.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-06 15:08:45.946
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-06 15:08:44.752
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-06 15:08:43.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-06 15:08:41.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-06 15:08:40.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ Dual Core Processor 4850e
Percentage of memory in use: 47%
Total physical RAM: 4989.58 MB
Available physical RAM: 2614.34 MB
Total Pagefile: 10207.68 MB
Available Pagefile: 7593.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:452.83 GB) (Free:288.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.93 GB) (Free:1.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=452.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There are a few minor adware elements to remove, but I would like to try a small test before I get to them.

In the search box type Msconfig and select the programme that appears at the top.

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
   (Screenshot: Cleanboot1.JPG)
2. Click to clear the Load Startup Items check box.
   Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
   (Screenshot: cleanboot2.JPG)
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.
7. Do you get the same crashes when you try to connect?

#5
onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Great News! After following the above instructions the computer did not freeze.



#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Grand, OK, let's remove the adware and then see if we can resolve which element is causing the problem.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOW FOR THE BORING BIT

Go back into MSConfig as before and re-enable half of the services that have been disabled.
Reboot the computer and re-test for crashes.
How does that go?

If it does crash, can you tell me which services you re-enabled?

#7
onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

The report that was generated after running AdwCleaner is below. I did want to mention that in the middle of the first attempted scan the computer shut down and restarted on its own. Upon the reboot it said that Mozilla was updating. I am not sure if that was a coincidence or not but I wanted to let you know in case there is something still lurking. The second attempt at running the adware cleaner went smoothly. Next I will start with the MSConfig task. Thanks so much for all you have done thus far!

 

~Onnaday

 

# AdwCleaner v3.311 - Report created 07/11/2014 at 14:37:54
# Updated 30/09/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Mom - MOM-PC
# Running from : C:\Users\Mom\Downloads\AdwCleaner(2).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\user.js
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\GamesBar
Folder Found : C:\Program Files (x86)\tencent
Folder Found : C:\Program Files (x86)\Viewpoint
Folder Found : C:\ProgramData\GamesBar
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
Folder Found : C:\ProgramData\tencent
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\chris.Mom-PC\AppData\Local\OpenCandy
Folder Found : C:\Users\chris.Mom-PC\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\chris\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Mom\AppData\Local\PackageAware
Folder Found : C:\Users\Mom\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Mom\AppData\LocalLow\Viewpoint
Folder Found : C:\Users\Mom\AppData\Roaming\iWin
Folder Found : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\[email protected]
Folder Found : C:\Users\Mom\Documents\DealRunner
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Scheduled Tasks ] *****

Task Found : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\gamesbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C7576B9D-B442-46BC-AF74-080A9E723E01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gamesbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Tencent
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\gamesbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C7576B9D-B442-46BC-AF74-080A9E723E01}
Key Found : [x64] HKCU\Software\Tencent
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\oberontb.band
Key Found : HKLM\SOFTWARE\Classes\oberontb.band.1
Key Found : HKLM\SOFTWARE\Classes\oberontb.GamesBarBHO
Key Found : HKLM\SOFTWARE\Classes\oberontb.GamesBarBHO.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\gamesbar
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamesbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\SOFTWARE\Tencent
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v33.0.3 (x86 en-US)

[ File : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\l3n2jkku.default\prefs.js ]


[ File : C:\Users\chris.Mom-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5mdn0f4s.default\prefs.js ]

Line Found : user_pref("extentions.y2layers.installId", "b8d46927-9925-4a20-9fa1-ffd1432e1c70");

[ File : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Search-Results");
Line Found : user_pref("browser.search.order.1", "Search-Results");
Line Found : user_pref("extensions.asktb.cbid", "OC");
Line Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
Line Found : user_pref("extensions.asktb.first-restart-after-config-update", true);
Line Found : user_pref("extensions.asktb.fresh-install", false);
Line Found : user_pref("extensions.asktb.l", "dis");
Line Found : user_pref("extensions.asktb.last-config-req", "1292120230805");
Line Found : user_pref("extensions.asktb.locale", "en_US");
Line Found : user_pref("extensions.asktb.o", "16074");
Line Found : user_pref("extensions.asktb.options-lang", "en");
Line Found : user_pref("extensions.asktb.options-locale", "ZZ");
Line Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Found : user_pref("extensions.asktb.qsrc", "2871");
Line Found : user_pref("extensions.asktb.r", "2");
Line Found : user_pref("extensions.asktb.search-history-queries", "big bucks bas ternanent||big bucks bas ternanent fishing||big bucks bass ternamint fishing||ask jeves||consumer reports||home theater tvs||granger[...]
Line Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Found : user_pref("keyword.URL", "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=FW-SRS&o=16074&locale=en_US&apn_uid=68F78CDC-0616-4940-8420-ECDEA2A2E99D&apn_ptnrs=OC&apn_sauid=0D551703-16AF[...]
Line Found : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v

[ File : C:\Users\chris.Mom-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2132 octets] - [07/11/2014 14:24:14]
AdwCleaner[R1].txt - [15336 octets] - [07/11/2014 14:37:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [15397 octets] ##########



#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The proof of the pudding will come when we can isolate the service that is causing the problem. Apart from that one crash, how is it behaving?

#9
onnaday

    Member

  • Topic Starter
  • 26 posts

I am happy to report that after adding back everything we disabled, all is fine. Have been online, played several videos and am listening to the Blackhawks game as I type. Could it have been the adware causing the issue?

One other thing that is puzzling. On the bottom task bar I get a red Microsoft security shield that tells me that my AVG virus protection is turned off. This was happening at the same time that the computer kept crashing so that is what prompted me to think it was a virus. When I try to turn AVG back on in the Microsoft Security Center, nothing works. When I go to the AVG program itself, it says there are no active components. Any thoughts on if I should uninstall AVG?

As before, I am most grateful for your help!



#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, that was my initial thought: a problem with AVG.

Download the AVG removal tool from here to your desktop: http://www.avg.com/gb-en/utilities

Then download a fresh copy of AVG if you wish to use that. If you wish to try a different AV, let me know and I will provide a link.

Uninstall AVG via Control Panel > Programmes and Features
Reboot
Run the AVG uninstall tool
Reboot
Install your AV of choice and then let me know how it is running

#11
onnaday

    Member

  • Topic Starter
  • 26 posts

Sorry for the late reply. However, I did have a computer freeze/crash this evening. I followed your previous MSConfig troubleshooting guidelines and disabled all Apple/iPod/Bonjour services. I suspected those because a menu popped up upon the restart after the crash asking me to update/install those services. After disabling those three services, the computer is running fine. I will give the computer a better workout tomorrow to see if a freeze/crash occurs again. I am concerned about the Malwarebytes log below. I am not sure what the detection entries mean or if I should be concerned. As always, thanks for your oversight and guidance. I will keep you posted!

~Onnaday

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 11/8/2014 10:07:09 AM, SYSTEM, MOM-PC, Protection, Malware Protection, Starting,
Protection, 11/8/2014 10:07:09 AM, SYSTEM, MOM-PC, Protection, Malware Protection, Started,
Protection, 11/8/2014 10:07:09 AM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/8/2014 10:08:35 AM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Started,
Protection, 11/8/2014 8:05:05 PM, SYSTEM, MOM-PC, Protection, Malware Protection, Starting,
Protection, 11/8/2014 8:05:05 PM, SYSTEM, MOM-PC, Protection, Malware Protection, Started,
Protection, 11/8/2014 8:05:05 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/8/2014 8:06:09 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Started,
Protection, 11/8/2014 8:29:13 PM, SYSTEM, MOM-PC, Protection, Malware Protection, Starting,
Protection, 11/8/2014 8:29:13 PM, SYSTEM, MOM-PC, Protection, Malware Protection, Started,
Protection, 11/8/2014 8:29:13 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/8/2014 8:30:16 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Started,
Update, 11/8/2014 8:36:49 PM, SYSTEM, MOM-PC, Scheduler, Rootkit Database, 2014.11.1.2, 2014.11.8.1,
Update, 11/8/2014 8:37:01 PM, SYSTEM, MOM-PC, Scheduler, Malware Database, 2014.11.8.1, 2014.11.9.1,
Protection, 11/8/2014 8:37:01 PM, SYSTEM, MOM-PC, Protection, Refresh, Starting,
Protection, 11/8/2014 8:37:01 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Stopping,
Protection, 11/8/2014 8:37:01 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Stopped,
Protection, 11/8/2014 8:37:12 PM, SYSTEM, MOM-PC, Protection, Refresh, Success,
Protection, 11/8/2014 8:37:12 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/8/2014 8:37:13 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Started,
Protection, 11/8/2014 9:40:19 PM, SYSTEM, MOM-PC, Protection, Malware Protection, Starting,
Protection, 11/8/2014 9:40:19 PM, SYSTEM, MOM-PC, Protection, Malware Protection, Started,
Protection, 11/8/2014 9:40:19 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/8/2014 9:42:05 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, Started,
Detection, 11/8/2014 10:27:21 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, IP, 68.71.58.34, kickass.to, 0, Outbound,
Detection, 11/8/2014 10:27:23 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 11/8/2014 10:27:26 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 11/8/2014 10:27:32 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, IP, 91.98.28.98, digikala.com, 0, Outbound,
Detection, 11/8/2014 10:27:42 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, IP, 93.115.92.115, tukif.com, 0, Outbound,
Detection, 11/8/2014 10:27:44 PM, SYSTEM, MOM-PC, Protection, Malicious Website Protection, IP, 5.150.195.169, 0427d7.se, 0, Outbound,

(end)



#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I sometimes find MBAM overzealous on the blocking side, but if you can run a fresh FRST scan for me, I will check it out.

#13
onnaday

    Member

  • Topic Starter
  • 26 posts

Good Evening! I spoke too soon on the Apple/iPod/Bonjour disabling. The computer crashed again last night just after I sent you that post. For now, I will keep them disabled and not try to troubleshoot which to enable on the MSConfig instructions until I hear back from you on the latest Farbar scan.

Thanks for sticking with me!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Mom (administrator) on MOM-PC on 09-11-2014 17:53:22
Running from C:\Users\Mom\Downloads
Loaded Profile: Mom (Available profiles: Mom)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\HelpPane.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Mom\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-08] (AVAST Software)
HKLM\...\RunOnce: [PCDrProfiler] => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [102912 2008-09-09] (PC-Doctor, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3385600622-3777350188-503640899-1000\...\MountPoints2: {79f51818-c539-11dd-9c1a-002354132958} - L:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...nType=tb50trie7
SearchScopes: HKLM-x32 - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...nType=tb50trie7
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.casualg...q={searchTerms}
SearchScopes: HKCU - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {6C9D2F79-E1FB-428C-8FBC-68FC01C533DD} URL = http://search.freeca...p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Qualys BrowserCheck IE Helper -> {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} -> C:\Windows\Downloaded Program Files\qbc_bho.dll (Qualys, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
BHO-x32: No Name -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} ->  No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx
DPF: HKLM-x32 {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/armhelper.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default
FF Homepage: hxxp://www.aol.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pack.google.com/Google Updater;version=13 -> C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3385600622-3777350188-503640899-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\searchplugins\search-results.xml
FF Extension: SlingHealth - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\[email protected] [2010-12-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-25]
FF Extension: Qualys BrowserCheck - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2014-09-13]
FF Extension: Test Pilot - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\[email protected] [2011-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-08]
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-07-24]
CHR Extension: (avast! WebRep) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2011-07-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-04-29] (Affinegy, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-08] (AVAST Software)
S2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
S2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-26] (WildTangent)
S2 gupdate1c99932c93e7d83; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
S2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed]
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-07-21] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
S4 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [151552 2009-03-30] (Livescribe) [File not signed]
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [295424 2011-04-08] (Puran Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-08] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-11-08] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-08] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-08] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-08] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-11-08] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-08] ()
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [24576 2009-07-22] (Windows ® Codename Longhorn DDK provider)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 17:52 - 2014-11-09 17:53 - 02116096 _____ (Farbar) C:\Users\Mom\Downloads\FRST64(1).exe
2014-11-08 22:35 - 2014-11-08 22:35 - 00003246 _____ () C:\Users\Mom\Desktop\malwarebytes.txt
2014-11-08 22:17 - 2014-11-08 22:17 - 00001829 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-08 22:17 - 2014-11-08 22:17 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\AVAST Software
2014-11-08 22:17 - 2014-11-08 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-08 22:16 - 2014-11-08 22:16 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-08 22:16 - 2014-11-08 22:16 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-08 22:16 - 2014-11-08 22:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-08 22:05 - 2014-11-08 22:06 - 05004328 _____ (AVAST Software) C:\Users\Mom\Downloads\avast_free_antivirus_setup_online.exe
2014-11-08 21:36 - 2014-11-08 21:42 - 00620720 _____ () C:\Users\Mom\Downloads\avgremover.log
2014-11-08 21:36 - 2014-11-08 21:36 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mom\Downloads\avg_remover_stf_x64_2015_5501.exe
2014-11-07 14:37 - 2014-11-07 14:37 - 01375089 _____ () C:\Users\Mom\Downloads\AdwCleaner(2).exe
2014-11-07 14:24 - 2014-11-07 14:52 - 00000000 ____D () C:\AdwCleaner
2014-11-07 14:23 - 2014-11-07 14:23 - 01375089 _____ () C:\Users\Mom\Downloads\AdwCleaner(1).exe
2014-11-07 13:41 - 2014-11-07 13:41 - 00000162 ____H () C:\Users\Mom\Documents\~$ntal_Agreement_-_730_Allison.wps
2014-11-06 15:09 - 2014-11-06 15:12 - 00039029 _____ () C:\Users\Mom\Downloads\Addition.txt
2014-11-06 15:08 - 2014-11-09 17:53 - 00000000 _____ () C:\Users\Mom\Downloads\FRST.txt
2014-11-06 15:07 - 2014-11-09 17:53 - 00000000 ____D () C:\FRST
2014-11-06 15:07 - 2014-11-06 15:07 - 02114560 _____ (Farbar) C:\Users\Mom\Downloads\FRST64.exe
2014-11-06 14:38 - 2014-11-06 14:38 - 00091136 _____ () C:\Users\Mom\Documents\Rental_Agreement_-_730_Allison.wps
2014-11-06 14:20 - 2014-11-06 21:19 - 00000000 ____D () C:\Users\Mom\Desktop\2014_11_06
2014-11-06 11:25 - 2014-11-06 11:25 - 00271720 _____ () C:\Windows\Minidump\Mini110614-01.dmp
2014-11-06 09:58 - 2014-11-09 07:46 - 00003920 _____ () C:\Windows\PFRO.log
2014-11-05 21:14 - 2014-11-05 21:14 - 00000000 ____D () C:\SUPERDelete
2014-11-05 21:13 - 2014-11-07 14:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-05 21:13 - 2014-11-05 21:13 - 00001758 _____ () C:\Users\Mom\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-05 21:10 - 2014-11-05 21:12 - 20170344 _____ (SUPERAntiSpyware) C:\Users\Mom\Downloads\SAS_5305.EXE
2014-11-05 20:38 - 2014-11-05 20:41 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mom\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-05 20:21 - 2014-11-05 20:22 - 00271720 _____ () C:\Windows\Minidump\Mini110514-01.dmp
2014-11-03 19:39 - 2014-11-03 19:39 - 00001073 _____ () C:\Users\Mom\Desktop\730_Rental_application-1 - Shortcut.lnk
2014-11-01 09:04 - 2014-11-01 09:04 - 00078392 _____ () C:\Users\Mom\Desktop\OTL.Txt
2014-11-01 08:32 - 2014-11-01 09:34 - 00062188 _____ () C:\Users\Mom\Downloads\Extras.Txt
2014-11-01 08:31 - 2014-11-01 08:56 - 00078392 _____ () C:\Users\Mom\Downloads\OTL.Txt
2014-11-01 08:17 - 2014-11-01 08:17 - 00602112 _____ (OldTimer Tools) C:\Users\Mom\Downloads\OTL.exe
2014-10-26 09:53 - 2014-11-02 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
2014-10-20 10:28 - 2014-09-27 17:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-20 10:28 - 2014-09-17 00:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-20 10:28 - 2014-09-16 10:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-20 10:23 - 2014-06-15 16:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-20 10:23 - 2014-06-15 16:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-20 10:23 - 2014-06-13 12:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-20 10:23 - 2014-06-13 12:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-20 10:23 - 2014-06-13 11:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-20 10:23 - 2014-06-13 11:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-20 10:22 - 2014-09-04 17:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-18 19:03 - 2014-10-18 19:04 - 00000000 ____D () C:\dcc39b12c2316342209602a298
2014-10-17 18:27 - 2014-10-17 18:27 - 00275960 _____ () C:\Windows\Minidump\Mini101714-01.dmp
2014-10-15 09:11 - 2014-09-19 18:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 09:11 - 2014-09-19 17:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 09:11 - 2014-09-19 17:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 09:11 - 2014-09-19 17:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 09:11 - 2014-09-19 17:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 09:11 - 2014-09-19 17:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 09:11 - 2014-09-19 17:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 09:11 - 2014-09-19 17:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 09:11 - 2014-09-19 17:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 09:11 - 2014-09-19 17:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 09:11 - 2014-09-19 17:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 09:11 - 2014-09-19 17:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 09:11 - 2014-09-19 17:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 09:11 - 2014-09-19 16:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 09:11 - 2014-09-19 16:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 09:11 - 2014-09-19 16:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 09:11 - 2014-09-19 16:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 09:11 - 2014-09-19 16:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 09:11 - 2014-09-19 16:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 09:11 - 2014-09-19 16:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 09:11 - 2014-09-19 16:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 09:11 - 2014-09-19 16:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 09:11 - 2014-09-19 16:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 09:10 - 2014-09-19 17:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 09:10 - 2014-09-19 17:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 09:10 - 2014-09-19 17:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 09:10 - 2014-09-19 16:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 09:10 - 2014-09-19 16:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 09:10 - 2014-09-19 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-15 08:52 - 2014-10-15 08:52 - 00000000 __SHD () C:\found.000
2014-10-13 10:39 - 2014-10-13 10:39 - 00275960 _____ () C:\Windows\Minidump\Mini101314-01.dmp
2014-10-12 16:18 - 2014-10-12 16:18 - 00000162 ____H () C:\Users\Mom\Documents\~$orage Cover Letter.wps
2014-10-10 17:21 - 2014-10-10 17:21 - 00275960 _____ () C:\Windows\Minidump\Mini101014-02.dmp
2014-10-10 09:22 - 2014-10-10 09:23 - 00275960 _____ () C:\Windows\Minidump\Mini101014-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 17:47 - 2006-11-02 06:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 22:17 - 2012-07-11 18:25 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-08 22:17 - 2009-06-30 08:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-08 22:09 - 2011-07-24 21:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-08 22:04 - 2012-09-17 20:59 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000UA.job
2014-11-08 22:04 - 2012-09-17 20:59 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000Core.job
2014-11-08 21:48 - 2014-06-09 19:39 - 01485381 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 21:42 - 2014-07-30 20:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 21:40 - 2009-06-30 08:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-08 21:39 - 2012-05-15 09:02 - 00000000 ____D () C:\Windows\SysWOW64\logishrd
2014-11-08 21:39 - 2012-05-15 09:02 - 00000000 ____D () C:\Windows\system32\logishrd
2014-11-08 21:39 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 21:39 - 2006-11-02 09:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 21:39 - 2006-11-02 09:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 21:37 - 2006-11-02 09:42 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-07 14:54 - 2014-09-26 20:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 14:36 - 2014-09-23 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-07 12:39 - 2011-07-13 21:09 - 00003670 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7773CC6A-F13A-45CF-95B9-1FCA42AC7C7D}
2014-11-06 14:38 - 2008-11-19 20:40 - 00029764 _____ () C:\Users\Mom\AppData\Roaming\wklnhst.dat
2014-11-06 14:18 - 2008-11-19 20:39 - 00003570 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-11-06 11:25 - 2011-07-16 23:52 - 00000000 ____D () C:\Windows\Minidump
2014-11-06 11:24 - 2014-10-08 16:57 - 406287712 _____ () C:\Windows\MEMORY.DMP
2014-11-05 21:14 - 2008-09-06 02:38 - 00000000 ____D () C:\Program Files\AWS
2014-11-05 20:41 - 2014-07-30 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 20:41 - 2014-07-30 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 20:41 - 2013-02-03 18:17 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-05 20:10 - 2012-01-30 22:03 - 00001460 _____ () C:\Users\Mom\AppData\Local\d3d9caps64.dat
2014-11-04 10:08 - 2014-08-27 15:58 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2014-11-04 10:08 - 2014-06-09 20:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-04 10:08 - 2014-06-09 20:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-04 10:06 - 2012-01-31 20:20 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\HpUpdate
2014-11-03 10:41 - 2008-12-25 12:47 - 00000000 ____D () C:\Program Files (x86)\Ouba
2014-11-02 10:38 - 2011-12-15 13:12 - 00002152 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-11-02 10:38 - 2006-11-02 09:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-28 05:34 - 2009-10-03 00:48 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 11:12 - 2009-06-30 08:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-26 11:12 - 2009-06-30 08:19 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-26 09:53 - 2011-12-15 13:11 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-10-20 12:59 - 2014-08-01 19:03 - 00316192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 10:25 - 2009-03-10 19:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 19:08 - 2008-11-19 19:54 - 00000000 ____D () C:\Users\Mom
2014-10-18 19:04 - 2013-08-06 08:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 19:04 - 2006-11-02 06:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\chris.Mom-PC\jagex_runescape_preferences.dat
C:\Users\chris.Mom-PC\jagex_runescape_preferences2.dat


Some content of TEMP:
====================
C:\Users\Mom\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-09 08:14

==================== End Of Log ============================


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The Apple programmes do not really need to run on startup; I have them disabled on my system :)

OK, let's clear the ones that no other programme gets to and then look at the startups.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
BHO-x32: No Name -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Extension: No Name - [email protected] [Not Found]
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.


Now, are you in a fully clean boot mode or do you have some services enabled?

Could you screenshot the services tab so that I can see what is there?
  • 0

#15
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Apologies again for the delay in getting back to you. I had difficulties getting the fixlist to save to the same location as the FRST location. I did try again this evening and hopefully was successful. Here is the log generated after running the fix. Thanks again for your help. ~Onnaday

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Mom at 2014-11-11 19:42:41 Run:1
Running from C:\Users\Mom\Downloads
Loaded Profile: Mom (Available profiles: Mom)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
BHO-x32: No Name -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Extension: No Name - [email protected] [Not Found]
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}" => Key not found.


  • 0





